skip to content
/
Research Advisories CodeQL Wall of Fame Events Get Involved
Advisories
Vulnerabilities we've disclosed
We find and report vulnerabilities in open source projects, following coordinated disclosure. We publish vulnerabilities here only after patches are available.

2024

GHSL-2024-091_GHSL-2024-092: DNS rebinding attacks against Home-gallery - CVE-2024-53275, CVE-2024-53276

Home-gallery is vulnerable to DNS rebinding attacks and implements a broad CORS policy that may make it vulnerable to present or future attacks.
Author avatar

GHSL-2024-075_GHSL-2024-076: Stored Cross-Site Scripting (XSS) and Remote Code Execution (RCE) via Velocity Template Evaluation in Sonatype Nexus 2

Sonatype Nexus 2 is affected by multiple high severity vulnerabilities, including Stored Cross-Site Scripting (XSS) and Remote Code Execution (RCE) via Velocity Template Evaluation.
Author avatar

GHSL-2024-072_GHSL-2024-074: Stored Cross-Site Scripting (XSS), Arbitrary File Upload, and Arbitrary File Read/Write via Path Traversal in Reposilite - CVE-2024-36115, CVE-2024-36116, CVE-2024-36117

Reposilite is affected by multiple high severity vulnerabilities, including Stored Cross-Site Scripting (XSS) allowing unauthenticated users to steal the victim's password from the browser's local storage, and Arbitrary File Upload, and Arbitrary File Read/Write via Path Traversal.
Author avatar

GHSL-2024-294: Environment variable injection leading to potential secret exfiltration and privilege escalation in Azure/cli

Azure/azure-cli is vulnerable to Environment Variable Injection which may allow a malicious actor to exfiltrate the CLI_BOT secret.
Author avatar

GHSL-2024-280: Use-After-Free read in Matroska CodecPrivate in GStreamer - CVE-2024-47834

An use-after-free vulnerability has been detected in Matroska CodecPrivate in GStreamer.
Author avatar

GHSL-2024-262: OOB-read in gst_avi_subtitle_parse_gab2_chunk in GStreamer - CVE-2024-47774

An out-of-bounds read has been detected in gst_avi_subtitle_parse_gab2_chunk in GStreamer.
Author avatar

GHSL-2024-260: OOB-read in gst_wavparse_cue_chunk in GStreamer - CVE-2024-47776

An out-of-bounds read has been detected in gst_wavparse_cue_chunk in GStreamer.
Author avatar

GHSL-2024-259: OOB-read in gst_wavparse_smpl_chunk in GStreamer - CVE-2024-47777

An out-of-bounds read has been detected in gst_wavparse_smpl_chunk in GStreamer.
Author avatar

GHSL-2024-258: OOB-read in gst_wavparse_adtl_chunk in GStreamer - CVE-2024-47778

An out-of-bounds read has been detected in gst_wavparse_adtl_chunk in GStreamer.
Author avatar

GHSL-2024-251: Null pointer dereference in gst_matroska_demux_update_tracks in GStreamer - CVE-2024-47603

A null pointer dereference has been detected in gst_matroska_demux_update_tracks in GStreamer.
Author avatar

GHSL-2024-250: Null pointer dereference in gst_matroska_demux_add_wvpk_header in GStreamer - CVE-2024-47602

A null pointer dereference has been detected in gst_matroska_demux_add_wvpk_header in GStreamer.
Author avatar

GHSL-2024-249: Null pointer dereference in gst_matroska_demux_parse_blockgroup_or_simpleblock in GStreamer - CVE-2024-47601

A null pointer dereference has been detected in gst_matroska_demux_parse_blockgroup_or_simpleblock in GStreamer.
Author avatar

GHSL-2024-248: OOB-read in format_channel_mask in GStreamer - CVE-2024-47600

An out-of-bounds read has been detected in format_channel_mask in GStreamer.
Author avatar

GHSL-2024-245: OOB-read in qtdemux_parse_samples in GStreamer - CVE-2024-47597

An out-of-bounds read has been detected in qtdemux_parse_samples in GStreamer.
Author avatar

GHSL-2024-244: OOB-read in FOURCC_SMI_ parsing in GStreamer - CVE-2024-47596

An out-of-bounds read has been detected in FOURCC_SMI_ parsing in GStreamer.
Author avatar

GHSL-2024-242: Integer underflow in FOURCC_strf parsing leading to OOB-read in GStreamer - CVE-2024-47545

An integer underflow in FOURCC_strf parsing may result in an out-of-bounds read in GStreamer.
Author avatar

GHSL-2024-236: OOB-read in qtdemux_parse_container in GStreamer - CVE-2024-47543

An out-of-bounds read has been detected in qtdemux_parse_container in GStreamer.
Author avatar

GHSL-2024-228: OOB-write in subparse/gstssaparse.c in GStreamer - CVE-2024-47541

An out-of-bounds write has been detected in subparse/gstssaparse.c in GStreamer.
Author avatar

GHSL-2024-197: Uninitialized variable in gst_matroska_demux_add_wvpk_header leading to function pointer overwriting in GStreamer - CVE-2024-47540

An uninitialized variable in gst_matroska_demux_add_wvpk_header may allow attackers to overwrite a function pointer in GStreamer.
Author avatar

GHSL-2024-195: OOB-write in convert_to_s334_1a in GStreamer - CVE-2024-47539

An out-of-bounds write has been detected in convert_to_s334_1a in Gstreamer
Author avatar

GHSL-2024-109_GHSL-2024-111: Reflected Cross-Site Scripting (XSS) vulnerabilities in habitica

Multiple reflected XSS vulnerabilities exist in the registration and login forms of habitica, giving the attacker control of the victim's account when a victim registers or logins with a specially crafted link.
Author avatar

GHSL-2024-094: OOB-write in Gstreamer - CVE-2024-47537

An out-of-bounds write vulnerability has been detected in `isomp4/qtdemux.c` in GStreamer.
Author avatar

GHSL-2024-338: Code Injection in Angular JA’s Actions workflow

angular/angular-ja repository is vulnerable to a code injection in its adev-preview-deploy.yml workflow which may an attacker to gain write permissions for the pull_request scope and leak the Firebase token.
Author avatar

GHSL-2024-336: Cross Site Scripting (XSS) in palindrome checker from freeCodeCamp/demo-projects

The palindrome checker project hosted on https://palindrome-checker.freecodecamp.rocks/ is vulnerable to XSS.
Author avatar

GHSL-2024-314: Poisoned Pipeline Execution (PPE) in AWS Karpenter Provider

aws/karpenter-provider-aws repository is vulnerable to Poisoned Pipeline Execution (PPE) which may lead to AWS Key exfiltration
Author avatar

GHSL-2024-313: Poisoned Pipeline Execution (PPE) in Marimo

Marimo is vulnerable to Poisoned Pipeline Execution (PPE) which may allow an attacker to get write permissions to the repository and exfiltrate secrets such as TURBO_TOKEN or NPM_TOKEN
Author avatar

GHSL-2024-305: Information disclosure via PlexRipper’s open CORS policy - CVE-2024-49763

PlexRipper's open CORS policy allows attackers to gain sensitive information from PlexRipper by getting the user to access the attacker's domain.
Author avatar

GHSL-2024-266_GHSL-2024-267: Poisoned Pipeline Execution via Environment Variable Injection in Adobe React Spectrum Charts

Adobe's react-spectrum-charts GitHub repository is vulnerable to Poisoned Pipeline Execution via Environment Variable Injection in its pr-sonar.yml workflow. A malicious actor could gain full-write permissions to the repository and access to the https://github/adobe organization secrets.
Author avatar

GHSL-2024-252: Environment variable injection in Cloudflare workers-sdk

Cloudflare workers-sdk write-prerelease-comment.yml workflow is vulnerable to environment variable injection which may allow an attacker to leak secrets and gain write access to the repository.
Author avatar

GHSL-2024-226_GHSL-2024-227: Poisoned Pipeline Execution (PPE) in Cilium

Cilium push-chart-ci.yaml workflow is vulnerable to a Poisoned Pipeline Execution (PPE) attack which may lead to the exfiltration of the QUAY_CHARTS_DEV_PASSWORD and QUAY_CHARTS_DEV_USERNAME secrets. Additionally, it is also vulnerable to Cache Poisoning attack which may allow an attacker to gain elevated privileges in a different workflow.
Author avatar

GHSL-2024-205_GHSL-2024-206: Code Injection in Stirling PDF

Multiple Code Injection vulnerabilities exist in the check_properties.yml workflow, allowing an external user to gain write permissions to the repository.
Author avatar

GHSL-2024-060_GHSL-2024-068: Several vulnerabilities in MarkUs - CVE-2024-51499, CVE-2024-51743, CVE-2024-47820

Several vulnerabilities were found in MarkUs, a web application for the submission and grading of student assignments. They can lead up to Remote Code Execution (RCE) via the submission of a student.
Author avatar

GHSL-2023-272_GHSL-2023-274: Command Injection and Server-Side Request Forgery (SSRF) in Hoverfly - CVE-2024-45388

Hoverfly is a lightweight service virtualization/API simulation/API mocking tool for developers and testers. The hoverfly server is vulnerable to command injection, server-side request forgery (SSRF) and arbitrary file read.
Author avatar

GHSL-2024-324: ReDoS potentially leading to a denial of service in Giskard - CVE-2024-52524

The gruber regex in transformation.py has a ReDoS vulnerability, which could potentially lead to a denial of service in Giskard.
Author avatar

GHSL-2024-320_GHSL-2024-321: Poisoned Pipeline Execution (PPE) via Code Injection in multiple Eclipse repositories

Multiple Eclipse repositories are vulnerable to Poisoned Pipeline Execution (PPE) via Code Injection allowing a malicious actor to exfiltrate the Eclipse's Personal Access Token with organization write permission.
Author avatar

GHSL-2024-255: Possible secret exfiltration and repository manipulation via environment variable injection in docker-mailserver

docker-mailserver docs-preview-deploy.yml workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation.
Author avatar

GHSL-2024-164: Remote Code Execution (RCE) via Cross-Site Scripting (XSS) in Umbrel - CVE-2024-49379

A Cross-Site Scripting (XSS) vulnerability was found in the login functionality of Umbrel, a home server OS. It can lead up to Remote Code Execution (RCE).
Author avatar

GHSL-2024-322: Poisoned Pipeline Execution (PPE) via code injection in Sympy

The comment-on-pr.yml workflow is vulnerable to Poisoned Pipeline Execution (PPE) which may allow a malicious actor to gain write access to the repository and exfiltrate secrets.
Author avatar

GHSL-2024-319: Poisoned Pipeline Execution (PPE) via code injection in Trino DB

Trino's upload-test-results.yml workflow is vulnerable to Code Injection which may allow a malicious actor to gain write access to the repository and exfiltrate secrets.
Author avatar

GHSL-2024-268: Poisoned Pipeline Execution (PPE) via execution of untrusted checked-out code in Hibernate ORM

Hibernate ORM is vulnerable to Poisoned Pipeline Execution (PPE) allowing malicious actors to exfiltrate their Develocity access keys.
Author avatar

GHSL-2024-253: Poisoned Pipeline Execution (PPE) via environment variable injection in Zephyr

Zephyr doc-publish-pr.yml workflow is vulnerable to environment variable injection which may allow an attacker to leak secrets and gain write access to the repository.
Author avatar

GHSL-2024-297_GHSL-2024-298: Remote Code Execution in Plenti via arbitrary file write and arbitrary file deletion - CVE-2024-49380, CVE-2024-49381

Plenti's serve command creates a local server to view one's website. This server is vulnerable to arbitrary file write and arbitrary file deletion, which may lead to remote code execution.
Author avatar

GHSL-2024-207: Pull requests write permission in k3s via Poisoned Pipeline Execution (PPE)

The k3s repository is vulnerable to Poisoned Pipeline Execution (PPE). An attacker can gain pull_requests: write permission by sending a Pull Request and adding a comment to it.
Author avatar

GHSL-2024-011: Arbitrary javascript execution in Edge and Firefox via a universal Cross-Site Scripting (UXSS) in smartup - CVE-2024-49378

A universal XSS is present in the Edge and Firefox versions of Smartup, allowing another extension to execute arbitrary code in the context of the active tab.
Author avatar

GHSL-2024-148_GHSL-2024-149: Code Injection and Execution of Untrusted Code in Astro's Actions workflows

Astro contains Actions workflows that are vulnerable to Code Injection and Execution of Untrusted Code which could be leverage to steal secrets and poison the cache.
Author avatar

GHSL-2024-127_GHSL-2024-129: Remote Code Execution (RCE) via Cross-Site Scripting (XSS) in OpenC3 COSMOS - CVE-2024-43795, CVE-2024-46977, CVE-2024-47529

Several vulnerabilities were found in OpenC3 COSMOS, a web application that is used to control satellites and test equipment. They can lead up to Remote Code Execution (RCE) via cross-site scripting (XSS).
Author avatar

GHSL-2022-085: Java deserialization leading to RCE in pac4j-core - CVE-2023-25581

pac4j-core prior to version 4 is affected by a Java deserialization vulnerability leading to remote code execution.
Author avatar

GHSL-2024-178: Possible full repository takeover for RSSHub through Artifact Poisoning - CVE-2024-47179

RSSHub's docker-test-cont.yml workflow is vulnerable to Artifact Poisoning which may lead to a full repository takeover.
Author avatar

GHSL-2024-150_GHSL-2024-157: Possible secret exfiltration and write access to Gradio through untrusted code execution

Gradio contains multiple Workflows vulnerables to Execution of untrusted code enabling an attacker to steal secret tokens and gain write access to the Gradio repository.
Author avatar

GHSL-2024-126: Potential account takeover in Kong through Actions expression injection

Kong is vulnerable to Actions expression injection allowing an attacker to takeover the repository and steal secrets.
Author avatar

GHSL-2023-220: Reflected Cross-Site Scripting (XSS) vulnerability in Alist - CVE-2024-47067

A reflected Cross-Site Scripting (XSS) vulnerability exists in Alist that may allow unauthenticated users to steal the JWT token of users that click on a specially crafted link. In the worst case, this may allow an unauthenticated user to copy, delete and read arbitrary files on connected services or locally.
Author avatar

GHSL-2024-169: Poisoned Pipeline Execution (PPE) leads to potential repository takeover in Arduino-ESP32 - CVE-2024-45798

Arduino-esp32 is vulnerable to Poisoned Pipeline Execution (PPE) allowing malicious actors to take over the repository.
Author avatar

GHSL-2024-120: Actions code injection in Milvus leading to potential repository takeover and secrets leak

Milvus is vulnerable to Actions code injection allowing an attacker to alter the repository and steal secrets.
Author avatar

GHSL-2024-095: Type confusion leading to RCE in the Chrome renderer sandbox - CVE-2024-5830

Type confusion between fast and dictionary objects in TryFastAddDataProperty in v8
Author avatar

GHSL-2024-171: Poisoned Pipeline Execution (PPE) leading to potential repository takeover in QGIS

The QGIS repository is vulnerable to Poisoned Pipeline Execution (PPE) which may allow a malicious actor to take over the repository.
Author avatar

GHSL-2024-160: Cache poisoning in JFrog Artifactory - CVE-2024-6915

JFrog Artifactory is affected by an improper input validation vulnerability that allows artifact's cache poisoning. This vulnerability only affects Artifactory instances that have at least one proxy repository.
Author avatar

GHSL-2024-096: DNS rebinding in Homepage, leading to private information disclosure - CVE-2024-42364

The default setup of homepage is vulnerable to DNS rebinding which may allow an attacker website to read the private information of the homepage owner.
Author avatar

GHSL-2024-093: Remote Code Execution (RCE) in Haven - CVE-2024-39906

A command injection vulnerability in the IndieAuth functionality of the Haven blog web application leads to code execution when an authenticated administrator is tricked to access a crafted link.
Author avatar

GHSL-2024-177: Environment Variable injection in an Actions workflow of Litestar - CVE-2024-42370

Litestar docs-preview.yml workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation.
Author avatar

GHSL-2024-159: Poisoned Pipeline Execution (PPE) in an Actions workflow of Element+

Element+ is vulnerable to Poisoned Pipeline Execution (PPE) which may allow an attacker to gain write acces to the repository and the CROWDIN_TOKEN token.
Author avatar

GHSL-2024-058_GHSL-2024-059: Actions expression injection in an Actions workflow of starrocks

starrocks is vulnerable to Actions expression injection allowing an attacker to take over the repository and steal secrets.
Author avatar

GHSL-2024-057: Actions expression injection in an Actions workflow of Infinispan

Infinispan is vulnerable to Actions expression injection allowing an attacker to take over the repository and steal secrets.
Author avatar

GHSL-2024-054: Actions expression injection in an Actions workflow of OpenIM

OpenIM is vulnerable to Actions expression injection allowing attackers to take over the GitHub Runner and steal the BOT_GITHUB_TOKEN secret.
Author avatar

GHSL-2024-052: Actions expression injection in an Actions workflow of AsyncAPI

An AsyncAPI organization-wide workflow is vulnerable to Actions expression injection allowing an attacker to take over the repositories and steal secrets.
Author avatar

GHSL-2024-050: Actions expression injection in an Actions workflow of Cromwell

Cromwell is vulnerable to an Actions expression injection allowing an attacker to take over the repository and steal secrets.
Author avatar

GHSL-2024-049: Actions expression injection in an Actions workflow of EVE

EVE is vulnerable to Actions expression injection allowing an attacker to take over the GitHub Runner and potentially approve any Pull Requests.
Author avatar

GHSL-2024-048: Actions expression injection in a Actions workflow of Infinispan

Infinispan is vulnerable to Actions expression injection allowing an attacker to take over the repository and steal secrets.
Author avatar

GHSL-2024-035_GHSL-2024-036: CORS misconfguration and Reflected XSS in Casdoor - CVE-2024-41657, CVE-2024-41658

Casdoor is vulnerable to a CORS misconfiguration and a reflected Cross-Site Scripting (XSS) vulnerability, both of which may allow an attacker to take actions on behalf of the signed-in user.
Author avatar

GHSL-2024-034: Privilege escalation in memos - CVE-2024-41659

A CORS misconfiguration in memos can allow an attacker to read private information or make privileged changes to the system.
Author avatar

GHSL-2024-031_GHSL-2024-032: unauthorized repository modification or secrets exfiltration in Actions workflows of fabric.js

Insecure usage of pull_request_target and PR title make fabric.js repository vulnerable to an unauthorized repository modification or secrets exfiltration.
Author avatar

GHSL-2023-136: Remote Code Execution (RCE) in Samson

Samson's Kubernetes::RoleVerificationsController deserializes user-controllable data leading to Remote Code Execution (RCE).
Author avatar

GHSL-2024-168: Poisoned Pipeline Execution (PPE) in Stencil's pack-and-comment.yml and tech-debt-burndown.yml

Stencil's pack-and-comment.yml and tech-debt-burndown.yml workflows are vulnerable to Poisoned Pipeline Execution (PPE).
Author avatar

GHSL-2024-167: Poisoned Pipeline Execution through Code Injection in Monkeytype - CVE-2024-41127

Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access.
Author avatar

GHSL-2024-163: GitHub's workflow unit-tests.yml is vulnerable to arbitrary code execution

The unit-tests.yml GitHub's workflow is vulnerable to arbitrary code execution.
Author avatar

GHSL-2024-158: Poisoned Pipeline Execution (PPE) in Excalidraw

Excalidraw is vulnerable to Poisoned Pipeline Execution (PPE) on its autorelease-preview.yml workflow allowing an external attacker to gain write access to the repository.
Author avatar

GHSL-2024-121_GHSL-2024-122: Actions expression injection in Ant-Design

Ant-Design is vulnerable to Actions expression injection allowing an attacker to alter the repository and steal secrets.
Author avatar

GHSL-2024-144: Checkout and execution of untrusted code in the GitHub workflows of JupyterLab - CVE-2024-39700

JupyterLab is vulnerable to checkout and execution of untrusted code in the GitHub workflows allowing attacker to gain write access and read secrets from the repository.
Author avatar

GHSL-2024-124_GHSL-2024-125: Actions expression injection and artifact poisoning in Quarkus

Quarkus is vulnerable to Actions expression injection and Artifact Poisoning allowing an attacker to alter the repository and steal secrets.
Author avatar

GHSL-2024-145: Actions expression injection in Discord.js

Discord.js is vulnerable to Actions expression injection allowing an attacker to take over the repository and steal secrets.
Author avatar

GHSL-2024-069: Unsafe YAML Deserialization in ngrinder

A retest of GHSL-2023-239/CVE-2024-28212 uncovered that the endpoint /script/api/github/validate of ngrinder remained susceptible to unsafe YAML deserialization.
Author avatar

GHSL-2024-030: Potential secrets exfiltration from a Pull Request in docfx

Insecure usage of pull_request_target makes docfx repository vulnerable to secrets exfiltration.
Author avatar

GHSL-2024-025_GHSL-2024-026: Potential secret exfiltration from a Pull Request in AutoGen

Several GitHub workflow may leak secret API Keys (OpenAI, Azure, Bing, etc.) when triggered by any Pull Request.
Author avatar

GHSL-2023-238_GHSL-2023-244: unauthenticated remote code execution (RCE) and other vulnerabilities in ngrinder - CVE-2024-28211, CVE-2024-28212, CVE-2024-28213, CVE-2024-28214, CVE-2024-28215, CVE-2024-28216

Several vulnerabilities were discovered in the ngrinder web application from Naver, including two unauthenticated remote code execution (RCE) vulnerabilities.
Author avatar

GHSL-2024-089: Path traversal in youtube-dl leading to RCE - CVE-2024-38519

youtube-dl doesn't validate the subtitle extension name, which makes its Windows users vulnerable to path traversal and allows for arbitrary binary file overwrite when downloading a video with subtitles from a crafted link.
Author avatar

GHSL-2024-071: Memory corruption in Chromium - CVE-2024-3832

Opening a malicious website in affected versions of Chrome can lead to object corruption in the Chrome renderer.
Author avatar

GHSL-2024-070: Remote Code Execution (RCE) in Chromium - CVE-2024-3833

Opening a malicious website in affected versions of Chrome can lead to object corruption that can be exploited to gain code execution in Chrome's renderer.
Author avatar

GHSL-2024-090: Path traversal in yt-dlp leading to RCE - CVE-2024-38519

yt-dlp doesn't validate the subtitle extension name, which makes its Windows users vulnerable to path traversal and allows for arbitrary binary file overwrite when downloading a video with subtitles from a crafted link.
Author avatar

GHSL-2024-037: GitHub Actions expression injection in BioDrop

BioDrop is vulnerable to Actions expression injection allowing an attacker to manipulate repository issues.
Author avatar

GHSL-2024-016: Insufficient markdown sanitization in nuget.org - CVE-2024-37304

NuGetGallery powers https://nuget.org/ - the main public source for dotnet packages. Readme files in markdown format associated with NuGet packages are rendered as HTML. NuGetGallery filters JavaScript from links, but fails to do so with autolinks.
Author avatar

GHSL-2024-001_GHSL-2024-003: Remote DoS and potential authentication bypasses in RubyGems.org - CVE-2024-35221

A Remote DoS vulnerability and potential authentication bypasses were found in RubyGems.org, the project powering the Ruby community’s gem hosting service at rubygems.org.
Author avatar

GHSL-2024-029: Denial of Service (DoS) in Zammad - CVE-2024-33667

A denial of service (DoS) vulnerability was found in the helpdesk software Zammad. An authenticated attacker could have prevented the web application from handling any requests.
Author avatar

GHSL-2024-040: Cross-Site Scripting (XSS) in the sign-in page of typebot.io - CVE-2024-30264

A reflected cross-site scripting (XSS) in the sign-in page of typebot.io may allow an attacker to hijack a user's account.
Author avatar

GHSL-2024-015: Cross-Site Request Forgery (CSRF) in the livemarks browser extension - CVE-2024-30252

The livemarks browser extension is vulnerable to a CSRF attack. A malicious website may be able to coerce the extension to send an authenticated GET request to an arbitrary URL.
Author avatar

GHSL-2024-013_GHSL-2024-014: SQL injection vulnerability in Meshery - CVE-2024-35181, CVE-2024-35182

A SQL injection vulnerability in Meshery up to v0.7.22 allows a remote attacker to obtain sensitive information, alter database registries, or create arbitrary files via the order and sort parameters of two HTTP endpoints.
Author avatar

GHSL-2024-009: LDAP injection in Redash - CVE-2020-36144

Redash is vulnerable to LDAP injection which may allow password spraying.
Author avatar

GHSL-2024-055: GitHub Actions expression injection in DuckDB

DuckDB is vulnerable to Actions expression injection allowing attackers to take over the repository and steal secrets.
Author avatar

GHSL-2024-053: GitHub Actions expression injection in Hedy

Hedy is vulnerable to Actions expression injection allowing attackers to take over the repository and steal secrets.
Author avatar

GHSL-2024-051: GitHub Actions expression injection in Misskey

Misskey is vulnerable to Actions expression injection allowing an attacker to take over the repository and steal secrets.
Author avatar

GHSL-2024-044: GitHub Actions expression injection in Simple Icons

Simple Icons is vulnerable to an Actions expression injection, allowing an attacker to take over the repository and steal secrets.
Author avatar

GHSL-2024-041_GHSL-2024-042: GitHub Actions expression injection in KubeBlocks

KubeBlocks is vulnerable to Actions expression injection allowing an attacker to take over the repository and steal secrets.
Author avatar

GHSL-2024-038: GitHub Actions expression injection in Kolibri

Kolibri is vulnerable to Actions expression injection allowing an attacker to alter the repository and steal secrets.
Author avatar

GHSL-2024-033: Server-Side Request Forgery (SSRF) in open-webui - CVE-2024-30256

Open-webui is vulnerable to authenticated blind server-side request forgery.
Author avatar

GHSL-2023-257: Server-Side Request Forgery (SSRF) in Plane - CVE-2024-31461

Plane v0.13-dev is vulnerable to authenticated blind server-side request forgery vulnerability.
Author avatar

GHSL-2023-253: Cross-Site Scripting (XSS) in openrasp - CVE-2024-29183

A reflected XSS vulnerability exists in the openrasp cloud interface that allows an unauthenticated attacker to gain the session of users.
Author avatar

GHSL-2023-154_GHSL-2023-156: Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) in memos API - CVE-2024-29028, CVE-2024-29029, CVE-2024-29030

Multiple SSRF vulnerabilities exist in the memos API service that allow unauthenticated and authenticated users to enumerate and read from the internal network. In addition, one SSRF vulnerability leads to a reflected XSS vulnerability, which may allow an attacker complete control over the administrator account.
Author avatar

GHSL-2024-010: Limited file write in Stable-diffusion-webui - CVE-2024-31462

Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems.
Author avatar

GHSL-2023-277: Arbitrary File Deletion (AFD) in Owncast - CVE-2024-31450

Owncast in version 0.1.2 allows remote attackers with administrator privileges to delete arbitrary files by making a malicious POST request to /api/admin/emoji/delete.
Author avatar

GHSL-2023-225, GHSL-2023-226, GHSL-2023-227, and GHSL-2023-228: Server-Side Request Forgery (SSRF) and Denial of Service (DoS) in Mealie - CVE-2024-31991, CVE-2024-31992, CVE-2024-31993, CVE-2024-31994

Mealie v1.0.0-RC1.1 is vulnerable to multiple SSRF and DoS vulnerabilities. These vulnerabilities can be leveraged to identify, map, and retrieve the contents of webservers on Mealie's local network as well as being the victim of, or launching point for, a denial of service attack against a target of the attacker's choice.
Author avatar

GHSL-2023-205_GHSL-2023-206: Cross-site scripting (XSS) and arbitrary command execution vulnerability in go2rtc - CVE-2024-29191, CVE-2024-29192, CVE-2024-29193

Go2rtc is susceptible to a cross-site scripting (XSS) vulnerability and an arbitrary command execution vulnerability due to the lack of user-input sanitization.
Author avatar

GHSL-2023-015: Unsafe deserialization in Apache Submarine - CVE-2023-46302

Apache Submarine is vulnerable to unsafe deserialization due to the use of SnakeYaml's default constructor when parsing user-supplied data.
Author avatar

GHSL-2023-249: SQL injection vulnerability in Meshery - CVE-2024-29031

A SQL injection vulnerability in Meshery up to v0.6.181 allows a remote attacker to obtain sensitive information via the order parameter of GetMeshSyncResources.
Author avatar

GHSL-2023-224: Freed GPU memory access in Arm Mali GPU driver - CVE-2023-6241

GPU memory in the Arm Mali GPU can be accessed after it is freed, leading to potential arbitrary kernel code execution. This can be exploited even on devices with Memory Tagging Extension (MTE) enabled.
Author avatar

GHSL-2023-261: Cross origin request in Owncast allows for potential account takeover - CVE-2024-29026

A lenient CORS policy allows attackers to make a cross origin request, reading privileged information. This can be used to leak the admin password.
Author avatar

GHSL-2023-235_GHSL-2023-237,GHSL-2023-251_GHSL-2023-252: Pre-authentication RCE in OpenMetadata - CVE-2024-28253, CVE-2024-28254, CVE-2024-28255, CVE-2024-28845, CVE-2024-28848

OpenMetadata is vulnerable to several SpEL Expression Injections and an authentication bypass leading to pre-authentication Remote Code Execution (RCE).
Author avatar

GHSL-2024-027_GHSL-2024-028: API abuse in codeium-chrome - CVE-2024-28120

The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus impersonate the user on the backend autocomplete server.
Author avatar

GHSL-2023-221: Path traversal vulnerability in digdag - CVE-2024-25125

Treasure Data's digdag workload automation system was susceptible to a path traversal vulnerability if it's configured to store log files locally.
Author avatar

GHSL-2023-121: SAML authentication bypass vulnerability in RobotsAndPencils/go-saml - CVE-2023-48703

A SAML authentication bypass vulnerability was found in the RobotsAndPencils/go-saml library. This issue may lead to authentication bypasses in applications using go-saml for the signature verification of SAML assertions.
Author avatar

GHSL-2023-200: SQL injection vulnerability in FarmBot’s web app - CVE-2023-45674

A SQL injection vulnerability was found in FarmBot’s web app that allowed authenticated attackers to extract arbitrary data from its database (including the user table).
Author avatar

GHSL-2023-140:SQL injection vulnerability in TaxonWorks - CVE-2023-43640

A SQL injection vulnerability was found in TaxonWorks that allowed authenticated attackers to extract arbitrary data from the TaxonWorks database (including the user table).
Author avatar

GHSL-2023-258_GHSL-2023-259: Reflected XSS vulnerability and CORS issue in tamagui

A reflected XSS vulnerability and a CORS issue are present on the tamagui website, tamagui.dev. These vulnerabilities may allow an attacker to leak the cookies of users, and thus impersonate users on the website.
Author avatar

GHSL-2023-275: Arbitrary command execution in verify-changed-files

The tj-actions/verify-changed-files workflow allows for command injection in changed filenames, potentially allowing an attacker to leak secrets.
Author avatar

GHSL-2023-271: Arbitrary command execution in changed-files

The tj-actions/changed-files workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets.
Author avatar

GHSL-2023-268_GHSL-2023-270: Arbitrary command execution and SQL injection in Nginx-UI

Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings, and is also vulnerable to SQL injection.
Author avatar

2023

GHSL-2023-208: Unsafe deserialization in MkDocs

MkDocs is vulnerable to an unsafe deserialization when parsing configuration files.
Author avatar

GHSL-2023-182_GHSL-2023-184: Server-side request forgery (SSRF), arbitrary file write and limited file write vulnerabilities in mindsdb/mindsdb - CVE-2023-49795, CVE-2023-50731, CVE-2023-49796

Three vulnerabilities that can be exploited by unauthenticated users were found in MindsDB: a Server-side request forgery (SSRF) vulnerability, an arbitrary file write vulnerability and a limited file write vulnerability.
Author avatar

GHSL-2023-192_GHSL-2023-194: Several vulnerabilities in bazarr - CVE-2023-50264, CVE-2023-50265, CVE-2023-50266

Bazarr is vulnerable to unauthenticated arbitrary file reads in two endpoints and a blind server-side request forgery (SSRF).
Author avatar

GHSL-2023-218_GHSL-2023-219: Cross-Site Scripting (XSS) in scrypted

Two reflected Cross-Site Scripting (XSS) vulnerabilities exist in scrypted that may allow an attacker to impersonate any user who clicks on specially crafted links. In the worst case, an attacker may be able to impersonate an administrator and run arbitrary commands.
Author avatar

GHSL-2023-203_GHSL-2023-204: Several vulnerabilities in audiobookshelf

Audiobookshelf is vulnerable to server-side request forgery (SSRF), arbitrary file read (AFR) and arbitrary file deletion (AFD) depending on the permissions of the user.
Author avatar

GHSL-2023-028: Remote Code Execution in jellyfin - CVE-2023-48702

A user with administrator permissions is able to run arbitrary code on the jellyfin server via the /System/MediaEncoder/Path endpoint.
Author avatar

GHSL-2023-190: Several vulnerabilities in Frigate - CVE-2023-45672, CVE-2023-45671, CVE-2023-45670

Unsafe deserialization, Reflected XSS, Cross-site request forgery, and Cross-site scripting vulnerabilities found in Frigate.
Author avatar

GHSL-2023-081_GHSL-2023-082: Tar Slip vulnerabilities in Autolab - CVE-2023-32676, CVE-2023-32317

Two Tar Slip vulnerabilities were found in Autolab. Those vulnerabilities could have allowed attackers to create or replace files on the file system that in the worst case could have been executed by the application or system itself.
Author avatar

GHSL-2023-030: Session Forgery in Autolab - CVE-2023-28641

Autolab did not enforce a unique, secure secret_key_base for the default docker-based production setup. If no secret_key_base was set, Autolab fell back to a static secret_key_base that was the same for all instances. This could have enabled attackers to impersonate admin users via session forgery.
Author avatar

GHSL-2022-100: Path traversal vulnerability and remote code execution (RCE) vulnerability in Autolab - CVE-2022-41955,CVE-2022-41956

Two vulnerabilities were found in Autolab: File disclosure due to path traversal (GHSL-2022-100) and Authenticated Remote Code Execution (GHSL-2022-124).
Author avatar

GHSL-2023-185: Server-Side Request Forgery (SSRF) in Posthog - CVE-2023-46746

A server-side request forgery (SSRF), which can only be exploited by authenticated users, was found in Posthog.
Author avatar

GHSL-2023-141: SQL injection in Nocodb - CVE-2023-43794

Nocodb contains SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database.
Author avatar

GHSL-2023-180: Type confusion in Chrome's renderer - CVE-2023-4069

A type confusion in VisitFindNonDefaultConstructorOrConstruct can be exploited by an attacker to gain code execution in Chrome's renderer.
Author avatar

GHSL-2023-197: Out-of-bounds array access in libcue- CVE-2023-43641

libcue is a library for parsing CUE sheet files. A malicious file can trigger an out-of-bounds array access in the track_set_index function.
Author avatar

GHSL-2023-108: GitHub Actions command injection in Stash

Stash repository is vulnerable to an Actions command injection in e2e.yml.
Author avatar

GHSL-2023-052: Unsafe deserialization in XXL-RPC - CVE-2023-45146

Attackers may be able to connect to the server and provide malicious serialized objects that, once deserialized, force it to execute arbitrary code.
Author avatar

GHSL-2023-191: Arbitrary File Read in ShokoServer - CVE-2023-43662

An arbitrary file read exists in the /api/Image/WithPath endpoint that would allow unauthenticated attackers to read arbitrary files on Windows systems.
Author avatar

GHSL-2023-100: Command Injection in a GitHub Actions workflow of Apache Ignite

The apache/ignite repository is vulnerable to a command injection in Actions, allowing an attacker to leak secrets.
Author avatar

GHSL-2023-137: Type confusion in Chrome - CVE-2023-3420

A type confusion caused by JSStackCheck can be exploited by an attacker to gain code execution in Chrome's renderer.
Author avatar

GHSL-2023-053: Unsafe deserialization in Redisson - CVE-2023-42809

Redisson is a Java Redis client that uses the Netty framework. Some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick clients into communicating with a malicious server can include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running in.
Author avatar

GHSL-2023-138: SAML token signature bypass in VMware Tools - CVE-2023-20900

A SAML authentication bypass vulnerability was found in the vgauth module of the VMware tools (open-vm-tools).
Author avatar

GHSL-2023-114: SSRF vulnerability in the Bitbucket Push and Pull Request Jenkins Plugin - CVE-2023-41937

Bitbucket Push and Pull Request Plugin provides a webhook endpoint at /bitbucket-hook/ that can be used to trigger builds of jobs configured to use a specified repository.In Bitbucket Plugin 2.8.3 and earlier, when a build is triggered in this way, attackers can force a connection to an arbitrary URL using the configured Bitbucket credentials.
Author avatar

GHSL-2023-181: Expression injection in the GitHub Action workflow of Pytorch

The pytorch/pytorch filter-test-configs workflow is vulnerable to an expression injection in Actions, allowing an attacker to potentially leak secrets and alter the repository using the workflow.
Author avatar

GHSL-2023-084: Cross-site scripting (XSS) in Pay - CVE-2023-30614

Pay, a payments engine for Ruby on Rails, comes with a payment info page which is susceptible to Cross-site scripting.
Author avatar

GHSL-2023-080: Unauthenticated data exfiltration in Decidim - CVE-2023-34090

Decidim, a platform for digital citizen participation, is vulnerable to non-public data exfiltration.
Author avatar

GHSL-2023-006: Cross-site scripting (XSS) in Decidim leading to potential endorsement manipulation - CVE-2023-32693

Decidim, a platform for digital citizen participation is vulnerable to Cross-site scripting. An attacker could impersonate other users and endorse or support proposals on their behalf.
Author avatar

GHSL-2023-093: Server-Side Request Forgery (SSRF) in jenkinsci/maven-artifact-choicelistprovider-plugin - CVE-2023-40347

Several Server-Side Request Forgery (SSRF) vulnerabilities in jenkinsci/maven-artifact-choicelistprovider-plugin allow the leak of sensitive credentials to an attacker-controlled server.
Author avatar

GHSL-2023-067: Server-Side Request Forgery (SSRF) in jenkinsci/servicenow-devops-plugin - CVE-2023-3414, CVE-2023-3442

A Server-Side Request Forgery (SSRF) vulnerability in jenkinsci/servicenow-devops-plugin allows the leak of sensitive credentials to an attacker-controlled server.
Author avatar

GHSL-2023-061: Cross-Site Request Forgery (CSRF) and Server-Side Request Forgery (SSRF) in jenkinsci/blueocean-plugin - CVE-2023-40341

A CSRF/SSRF vulnerability in jenkinsci/blueocean-plugin allows the leak of sensitive credentials (including GitHub credentials) to an attacker-controlled server.
Author avatar

GHSL-2023-105: Buffer Overflow in uchardet

A crafted sequence of bytes triggers memory read past the bounds of a globally allocated object buffer.
Author avatar

GHSL-2022-119: Arbitrary command execution in CasaOS - CVE-2023-37469

If an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands.
Author avatar

GHSL-2023-086_GHSL-2023-087: Expression injection in a GitHub Actions workflow of Airbyte

Potential injection from the github.event.comment.body context, which may be controlled by an external user.
Author avatar

GHSL-2023-143_GHSL-2023-144: SAML signature validation bypass in OpenAM - CVE-2023-37471

Attackers can use an improper SAML signature validation to impersonate any OpenAM user, including the administrator.
Author avatar

GHSL-2023-117_GHSL-2023-119: Denial of Service (DoS) in cmark-gfm - CVE-2023-37463

A crafted markdown document can trigger denial-of-service attacks on websites that use cmark-gfm to render markdown documents.
Author avatar

GHSL-2023-116: Denial of Service (DoS) in MySQL - CVE-2023-22057

A segfault can be triggered by switching session_track_gtids on and off and then either resetting the session or switching users, resulting in a loss of service.
Author avatar

GHSL-2023-109: GitHub Actions command injection in a TDesign Vue Next workflow

TDesign Vue Next repository is vulnerable to an Actions command injection in auto-release.yml.
Author avatar

GHSL-2023-079: Arbitrary File Exfiltration in Jenkins MathWorks Polyspace Plugin - CVE-2023-37960

Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier does not restrict a file path in a job parameter, allowing attackers with the Job/Configure permission to exfiltrate arbitrary files from the Jenkins controller by sending them in an email notification.
Author avatar

GHSL-2023-074: Server-Side Request Forgery (SSRF) in miniorange-saml-sp-plugin - CVE-2023-32991, CVE-2023-32992

A Server-Side Request Forgery (SSRF) vulnerability was found in the miniorange-saml-sp-plugin. The vulnerability resides in the org.miniorange.saml.MoSAMLAddIdp#doValidateMetadataUrl method and can be exploited without authentication. An attacker can leverage this vulnerability to send requests to arbitrary hosts.
Author avatar

GHSL-2023-073: Server-Side Request Forgery (SSRF) in benchmark-evaluator-plugin - CVE-2023-37962, CVE-2023-37963

A Server-Side Request Forgery (SSRF) vulnerability was found in the benchmark-evaluator-plugin. The vulnerability resides in the io.jenkins.plugins.benchmark.BenchmarkBuilder#doCheckFilepath method and can be exploited without authentication. An attacker can leverage this vulnerability to send requests to arbitrary hosts.
Author avatar

GHSL-2023-071: Server-Side Request Forgery (SSRF) in sumologic-publisher-plugin - CVE-2023-37958, CVE-2023-37959

A Server-Side Request Forgery (SSRF) vulnerability was found in the sumologic-publisher-plugin. The vulnerability resides in the com.sumologic.jenkins.jenkinssumologicplugin.PluginDescriptorImpl#doTestURL method and can be exploited without authentication. An attacker can leverage this vulnerability to send requests to arbitrary hosts.
Author avatar

GHSL-2023-069: Server-Side Request Forgery (SSRF) in jenkinsci/elasticbox-plugin - CVE-2023-37964, CVE-2023-37965

A Server-Side Request Forgery (SSRF) vulnerability in jenkinsci/elasticbox-plugin allows the leak of sensitive credentials to an attacker-controlled server. The issue arises from a lack of proper input validation/sanitization of the endpointUrl parameter in multiple web methods such as SlaveConfiguration$DescriptorImpl#doGetInstances. These methods read arbitrary credentials from the credentials storage using hardcoded ACL.System permission and send them to attacker-controlled servers.
Author avatar

GHSL-2023-068: Server-Side Request Forgery (SSRF) in jenkinsci/datadog-plugin - CVE-2023-37944

A Server-Side Request Forgery (SSRF) vulnerability in jenkinsci/datadog-plugin allows the leak of sensitive credentials to an attacker-controlled server. The issue arises from a lack of proper input validation/sanitization of the targetApiURL parameter in the DatadogGlobalConfiguration#doTestConnection. These methods read arbitrary credentials from the credentials storage using hardcoded ACL.System permission and send them to attacker-controlled servers.
Author avatar

GHSL-2023-066: Server-Side Request Forgery (SSRF) in jenkinsci/macstadium-orka-plugin - CVE-2023-37949

A Server-Side Request Forgery (SSRF) vulnerability in jenkinsci/macstadium-orka-plugin allows the leak of sensitive credentials to an attacker-controlled server. The issue arises from a lack of proper input validation/sanitization of the orkaEndpoint parameter in the OrkaAgent#doFillNodeItems. This method hardcodes an ACL.System access to the credentials storage and leak the secrets to attacker-controlled servers.
Author avatar

GHSL-2023-065: Server-Side Request Forgery (SSRF) in jenkinsci/mabl-integration-plugin - CVE-2023-37952, CVE-2023-37953

Several Server-Side Request Forgery (SSRF) vulnerabilities in jenkinsci/mabl-integration-plugin allow the leak of sensitive credentials to an attacker-controlled server. The issue arises from a lack of proper input validation/sanitization of the apiBaseUrl parameter in the MablStepBuilder#doFillEnvironmentIdItems, MablStepBuilder#doFillApplicationIdItem and MablStepBuilder#doValidateForm. These methods use the ACL.System permission to access the credentials storage and can be abused to leak arbitrary secrets to attacker-controlled servers.
Author avatar

GHSL-2023-064: Cross-Site Request Forgery (CSRF) and Server-Side Request Forgery (SSRF) in jenkinsci/pipeline-restful-api-plugin - CVE-2023-37957

A Cross-Site Request Forgery (CSRF) and a Server-Side Request Forgery (SSRF) vulnerabilities in jenkinsci/pipeline-restful-api-plugin may allow an attacker to retrieve a token to impersonate its victim.
Author avatar

GHSL-2023-063: Server-Side Request Forgery (SSRF) in test-results-aggregator-plugin - CVE-2023-37955, CVE-2023-37956

A Server-Side Request Forgery (SSRF) vulnerability was found in the test-results-aggregator-plugin. The vulnerability resides in the com.jenkins.testresultsaggregator.TestResultsAggregator#doTestApiConnection method and can be exploited without authentication. An attacker can leverage this vulnerability to send requests to arbitrary hosts.
Author avatar

GHSL-2023-056: XML external entity (XXE) in Jenkins External Monitor Job Plugin - CVE-2023-37942

Jenkins External Monitor Job Plugin 203.v683c09d993b_9 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows authenticated attackers with Job Build permissions to send specific HTTP requests that force Jenkins to download and parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
Author avatar

GHSL-2023-120: Arbitrary File Read/Write during TAR extraction in Gradle

Gradle 8.1.1 does not ensure that paths constructed from TAR archive entries are validated. This allows attackers who are able to manipulate a TAR file which is unpacked by a Gradle script to overwrite arbitrary files. It also allows attackers who are able to manipulate a TAR file which is read by a Gradle script to read arbitrary files.
Author avatar

GHSL-2023-083: Improper certificate validation in KeyCloak - CVE-2023-2422

When a Keycloak server is configured to support mTLS authentication for OAuth/OpenID clients, it does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client and therefore access data that belongs to other clients.
Author avatar

GHSL-2023-044: Unsafe Deserialization in Aerospike Java client - CVE-2023-36480

The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Some of the messages received from the server contain Java objects that the client deserializes when it encounters them without further validation. Attackers that manage to trick clients into communicating with a malicious server can include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running on.
Author avatar

GHSL-2023-139: Use After Free (UAF) in accountsservice - CVE-2023-3297

An unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.
Author avatar

GHSL-2023-107: GitHub Actions Command Injection in Jellyfin

The jellyfin/jellyfin repository is vulnerable to a command injection in Actions, allowing an attacker to take over the GitHub Actions runner and leak secrets.
Author avatar

GHSL-2023-050: Command Injection in Apache Doris repository's CI workflow

Apache Doris repository is vulnerable to a Command Injection in the CI workflow auto_trigger_teamcity.yml.
Author avatar

GHSL-2023-045: LDAP injection in Bounty Castle For Java - CVE-2023-33201

Bouncy Castle For Java is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate’s Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.
Author avatar

GHSL-2023-009: Credentials leaks for LDAP authentication in Apereo CAS - CVE-2023-28857

When CAS is configured to use X509 certificate authentication with LDAP directory, an unauthenticated user can leak the credentials for LDAP authentication. This is possible by sending a specially crafted X509 client certificate that contains a "CRL Distribution Points" extension with URLs pointing to a malicious resource.
Author avatar

GHSL-2023-115: Cross-Site Scripting (XSS) in template-workflows-plugin - CVE-2023-35146

A stored Cross-Site Scripting (XSS) vulnerability was found in the template-workflows-plugin project.
Author avatar

GHSL-2023-110: Actions command injection in the CI workflow of winglang/wing

The winglang/wing repository is vulnerable to a command injection in Actions, allowing an attacker to take over the contents of the repository and leak secrets.
Author avatar

GHSL-2023-106: Actions command injection in a new issue workflow of textualize/rich

The textualize/rich repository is vulnerable to a command injection in Actions.
Author avatar

GHSL-2023-104: Actions command injection in the CI workflow of hashicorp/terraform-cdk

The hashicorp/terraform-cdk repository is vulnerable to a command injection in Actions, allowing an attacker to take over the contents of the repository and leak secrets.
Author avatar

GHSL-2023-101: Actions command injection in the CI workflow of zcash/zcash

The zcash/zcash repository is vulnerable to a command injection in Actions, allowing an attacker to take over the contents of the repository and leak secrets.
Author avatar

GHSL-2023-099: Actions command injection in the CI workflow of iluwatar/java-design-patterns

The iluwatar/java-design-patterns repository is vulnerable to a command injection in Actions, allowing an attacker to take over the contents of the repository and leak secrets.
Author avatar

GHSL-2023-097: Cross-Site Scripting (XSS) in maven-repository-plugin - CVE-2023-35143

A stored Cross-Site Scripting (XSS) vulnerability was found in the maven-repository-plugin project.
Author avatar

GHSL-2023-095: Cross-Site Scripting (XSS) in Jenkins Sonargraph - CVE-2023-35145

Multiple reflected Cross-Site Scripting (XSS) were found in the Jenkins Sonargraph integration plugin
Author avatar

GHSL-2023-070: Server-Side Request Forgery (SSRF) in jenkinsci/dimensionsscm-plugin - CVE-2023-32262

A Server-Side Request Forgery (SSRF) vulnerability in jenkinsci/dimensionsscm-plugin allows the leak of sensitive credentials to an attacker-controlled server. The issue arises from a lack of proper input validation/sanitization of the dimensionsscm.serverPlugin parameter in the DimensionsScm#doCheckServerConfig method and the ACL.System access to the credentials storage.
Author avatar

GHSL-2023-054: Unauthenticated arbitrary file read in Jenkins plugin 3.0.12 - CVE-2023-35147

AWS CodeCommit Trigger Jenkins Plugin 3.0.12 and earlier does not restrict a file name path parameter in an HTTP endpoint, allowing authenticated attackers to read arbitrary files on the Jenkins controller file system.
Author avatar

GHSL-2022-097: SQL injection in rudderlabs/rudder-server - CVE-2023-30625

Blind SQL injections are present in rudderlabs/rudder-server that allows unauthenticated users to achieve Remote Code Execution.
Author avatar

GHSL-2023-025: Drive-by command injection in SRS's api-server - CVE-2023-34105

SRS's 'api-server' server is vulnerable to a drive-by command injection.
Author avatar

GHSL-2022-065: Insufficient Path Validation in Omni-Notes Android App - CVE-2023-33188

The Omni-Notes Android app has an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note's attachments are not properly validated, allowing malicious or compromised applications on the same device to force Omni-notes to copy files from its internal storage to its external storage directory, where they become accessible to any component with permission to read the external storage.
Author avatar

GHSL-2023-088: Arbitrary File Read in Ombi - CVE-2023-32322

Ombi, an application that allows users to request specific media from popular self-hosted streaming servers, contains a vulnerability that allows administrators to read arbitrary files on the Ombi host.
Author avatar

GHSL-2023-022: Command Injection in an Apache Cloudstack CI workflow

Apache Cloudstack is vulnerable to a Command Injection in sonar-check.yml.
Author avatar

GHSL-2023-077: Arbitrary file write in the File Parameters Jenkins Plugin - CVE-2023-32986

Jenkins File Parameters Plugin 285.v757c5b_67a_c25 and earlier does not restrict a file path in a job parameter, allowing attackers with the Job/Configure permission to upload arbitrary files to the Jenkins controller.
Author avatar

GHSL-2023-076: Information disclosure in the Sidebar Link Plug-in for Jenkins - CVE-2023-32985

Sidebar Link Plug-in for Jenkins 2.2.1 and earlier does not restrict a file path parameter in an HTTP endpoint, allowing authenticated attackers to enumerate arbitrary files on the Jenkins controller file system.
Author avatar

GHSL-2023-075: Server-Side Request Forgery (SSRF) in the AppSpider Jenkins plugin - CVE-2023-32998, CVE-2023-32999

A Server-Side Request Forgery (SSRF) vulnerability was found in the AppSpider Jenkins plugin. An unauthenticated attacker can leverage this vulnerability to send requests to arbitrary hosts.
Author avatar

GHSL-2023-072: Several Server-Side Request Forgery (SSRF) vulnerabilities in the Codedx Jenkins plugin - CVE-2023-2195, CVE-2023-2631

Several Server-Side Request Forgery (SSRF) vulnerabilities were found in the Codedx Jenkins plugin. An unauthenticated attacker can leverage this vulnerabilities to send requests to arbitrary hosts.
Author avatar

GHSL-2023-058_GHSL-2023-059: ZipSlip in Jenkins Pipeline Utility Steps Plugin - CVE-2023-32981

Jenkins Pipeline Utility Steps Plugin 2.15.1 and earlier allows attackers able to manipulate a TAR or ZIP file extracted by the plugin to create or replace any file on the file system.
Author avatar

GHSL-2023-055: XML external entity (XXE) or server-side request forgery (SSRF) in SAML SSO Jenkins Plugin - CVE-2023-32991, CVE-2023-32992

Authenticated attackers can send specific HTTP requests that force Jenkins to download and parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller, as well as server-side request forgery.
Author avatar

GHSL-2023-046: Local Privilege Escalation in sccache - CVE-2023-1521

If the server is run as root (which is the default when installing the snap package), a user running the sccache client can get root privileges.
Author avatar

GHSL-2022-127: Free Memory Access in Arm Mali - CVE-2022-46395

Imported memory from user space can be accessed after it has been freed
Author avatar

GHSL-2022-042: Remote Code Execution in Chromium - CVE-2022-1134

A type confusion in v8 can lead to remote code execution in the Chrome renderer sandbox.
Author avatar

GHSL-2023-085: Authentication bypass in libssh - CVE-2023-2283

The public key signature checking code in pki_verify_data_signature has a logic bug, which, under certain conditions, could enable an attacker to bypass the check.
Author avatar

GHSL-2023-032_GHSL-2023-042: Denial of Service in libssh - CVE-2023-1667

The libssh server logic does not correctly handle SSH_MSG_KEXINIT packets sent after a client authenticates which can allow an attacker to trigger a NULL pointer dereference, causing a denial-of-service. In addition, there are a number of memory leaks in the GSSAPI integration which may allow an attacker to trigger memory exhaustion, causing a denial-of-service.
Author avatar

GHSL-2023-001: ReDoS in SQLparse - CVE-2023-30608

SQLparse has a ReDoS (regular expression denial of service) in the parser for SQL expressions.
Author avatar

GHSL-2023-031: Quadratic complexity algorithm in cmark - CVE-2023-24824

A crafted markdown document can trigger a quadratic complexity algorithm in cmark.
Author avatar

GHSL-2023-047_GHSL-2023-049: Denial of Service (DoS) in comrak - CVE-2023-28626, CVE-2023-28631

A number of quadratic parsing issues can allow an attacker to trigger a denial-of-service via excessive CPU usage or excessive memory usage. In addition, an architectural design decision in the AST module could allow attackers to trigger a denial-of-service in applications building ASTs programmatically.
Author avatar

GHSL-2022-138: open redirect in lorawan stack - CVE-2023-26494

An open redirect exists on the login page of the lorawan stack server, allowing an attacker to supply a user controlled redirect upon sign in.
Author avatar

GHSL-2023-023: Type confusion in the Chrome renderer - CVE-2023-1214

Type confusion in the Chrome renderer reachable from a malicious website.
Author avatar

GHSL-2023-051: Command Injection in React Native OneSignal SDK - CVE-2023-28430

React Native OneSignal SDK repository is vulnerable to a Command Injection in Zapier.yml.
Author avatar

GHSL-2023-027: Command Injection in Cocos - CVE-2023-26493

Cocos Engine is vulnerable to a Command Injection in web-interface-check.yml.
Author avatar

GHSL-2022-129: XML External Entity (XXE) injection in GeoNode - CVE-2023-26043

GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read.
Author avatar

GHSL-2022-094: Remote Code Execution in discordrb - CVE-2023-28102

The encode_file method may lead to remote code execution if invoked with untrusted user-controlled data.
Author avatar

GHSL-2021-110: ReDoS in validators

validators contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).
Author avatar

GHSL-2021-109: ReDoS in textacy

textacy contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).
Author avatar

GHSL-2023-016_GHSL-2023-018: Out-of-Bounds Read in the MIT Kerberos V5 (krb5) library

Multiple vulnerabilities in the MIT Kerberos V5 (krb5) library can trigger an out-of-bounds read when parsing and verifying SPNEGO tokens.
Author avatar

GHSL-2022-131: XML External Entities (XXE) injection in OWSLib - CVE-2023-27476

OWSLib does not disable entity resolution for XML parsing, leading to XML External Entities (XXE) injection.
Author avatar

GHSL-2022-121_GHSL-2022-123: Multiple vulnerabilities in Apollo Configuration Management System - CVE-2023-25569, CVE-2023-25570

Apollo Configuration Management System is affected by multiple security vulnerabilities, including Post-Auth Remote Code Execution via SPeL evaluation, Improper Authorization in Eureka Service Discovery and Cross Site Request forgery.
Author avatar

GHSL-2023-010_GHSL-2023-014: Denial of Service (DoS) and memory corruption in gss-ntlmssp - CVE-2023-25563, CVE-2023-25564, CVE-2023-25565, CVE-2023-25566, CVE-2023-25567

Multiple vulnerabilities in the gss-ntlmssp library can allow remote attackers to trigger a denial-of-service or memory corruption in applications using NTLM authentication.
Author avatar

GHSL-2022-092: Physical memory access by untrusted app in Qualcomm Adreno GPU - CVE-2022-25664

A vulnerability in the Adreno GPU allows physical memory to be read by an untrusted app.
Author avatar

GHSL-2022-128: Quadratic complexity algorithm in cmark - CVE-2023-22486

A crafted markdown document can trigger a quadratic complexity algorithm in cmark.
Author avatar

GHSL-2022-118: Out-of-bounds read in cmark-gfm - CVE-2023-22485

A crafted markdown document can trigger an out-of-bounds read in cmark-gfm.
Author avatar

GHSL-2022-098: Quadratic complexity algorithm in cmark - CVE-2023-22484

A crafted markdown document can trigger a quadratic complexity algorithm in cmark.
Author avatar

GHSL-2022-088, GHSL-2022-089, GHSL-2022-090, GHSL-2022-091, GHSL-2022-099, GHSL-2022-109, GHSL-2022-110, GHSL-2022-111, GHSL-2022-120, GHSL-2022-126: Quadratic complexity algorithms in cmark-gfm - CVE-2023-22483

A crafted markdown document can trigger a quadratic complexity algorithm in cmark-gfm. Since cmark-gfm is used for rendering markdown on https://github.com/, this vulnerability could be used in a denial-of-service attack on GitHub.
Author avatar

GHSL-2022-059_GHSL-2022-060: SQL injection vulnerabilities in Owncloud Android app - CVE-2023-24804, CVE-2023-23948

The Owncloud Android app uses content providers to manage its data. The provider FileContentProvider has SQL injection vulnerabilities that allow malicious applications or users in the same device to obtain internal information of the app. The app also handles externally-provided files in the activity ReceiveExternalFilesActivity, where potentially malicious file paths are not properly sanitized, allowing attackers to read from and write to the application's internal storage.
Author avatar

GHSL-2023-004: Arbitrary file upload and download in act - CVE-2023-22726

The artifact server that stores artifacts from GitHub Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a GitHub Action.
Author avatar

GHSL-2022-074: Arithmetic overflow in sysstat - CVE-2022-39377

On 32 bit systems, an arithmetic overflow present in allocate_structures can be triggered when displaying activity data files and may lead to a variety of exploit primitives due to an incorrectly sized buffer.
Author avatar

2022

GHSL-2021-1009: URL access filters bypass in Alpine - CVE-2022-23553

URL access filters (block and allow list) are subject to be bypassed
Author avatar

GHSL-2020-295: ReDoS (Regular Expression Denial of service) in is.js - CVE-2020-26302

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2022-112_GHSL-2022-115: Remote denial of service in Linux kernel WILC1000 wireless driver - CVE-2022-47518, CVE-2022-47519, CVE-2022-47520, CVE-2022-47521

Multiple vulnerabilities in the Linux kernel Microchip WILC1000 802.11 wireless driver can allow remote and local attackers to trigger a denial of service when parsing management frames.
Author avatar

GHSL-2022-070_GHSL-2022-072: SQL injection in Arches - CVE-2022-41892

The Arches project contains multiple blind SQL injection vulnerabilities, that allow an attacker to query the underlying database.
Author avatar

GHSL-2022-130: Out-of-bounds (OOB) read in openrazer - CVE-2022-23467

A malicious device can send a USB report to the openrazer razermouse driver, resulting in an out-of-bounds (OOB) read.
Author avatar

GHSL-2022-028: Copy/paste cross-site scripting (XSS) in codex-team

codex-team/editor.js is vulnerable to XSS attacks when copy/pasting specially crafted input into the editor.
Author avatar

GHSL-2022-068: Remote Code Execution (RCE) in PDFMake - CVE-2022-46161

The dev-playground of pdfmake lacks sandboxing/sanitization of the data sent to the server, which flows to eval().
Author avatar

GHSL-2022-073: Denial of Service (DoS) in Fat Free CRM - CVE-2022-39281

A denial of service vulnerability existed in Fat Free CRM where an authenticated attacker could have prevented the web application from handling any requests.
Author avatar

GHSL-2022-069: Remote Code Execution (RCE) in CircuitVerse - CVE-2022-36038

A remote code execution (RCE) vulnerability in CircuitVerse allowed authenticated attackers to execute arbitrary code via specially crafted JSON payloads.
Author avatar

GHSL-2022-067: Remote Code Execution (RCE) in Fluentd - CVE-2022-39379

A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allowed unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads.
Author avatar

GHSL-2022-063: Remote Code Execution (RCE) in Arvados Workbench - CVE-2022-36006

A remote code execution (RCE) vulnerability in the Arvados Workbench allowed authenticated attackers to execute arbitrary code via specially crafted JSON payloads.
Author avatar

GHSL-2022-062: Arbitrary File Read in Tasks.org Android app - CVE-2022-39349

A malicious or compromised application in the same device could force Tasks.org to copy files from its internal storage to the external storage directory, where they become accessible to any component with permission to read the external storage.
Author avatar

GHSL-2022-035: Integer Overflow in git shell - CVE-2022-39260

An integer overflow in git shell can be exploited by a remote attacker to read and write out-of-bounds memory. This could potentially enable an attacker to execute arbitrary code on a git server.
Author avatar

GHSL-2022-018: Arbitrary Code Execution in Apache Commons Text - CVE-2022-42889

The StringSubstitutor default interpolators may lead to unsafe script evaluation and arbitrary code execution
Author avatar

GHSL-2022-066: Stack Buffer Overflow in iowow - CVE-2022-23462

There is a stack buffer overflow present in iowow that allows for Denial of Service (DOS) when it parses scientific notation numbers present in JSON.
Author avatar

GHSL-2022-036: Arbitrary CSS injection in mermaid.js - CVE-2022-31108

An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the generated graph, and potentially exfiltrate sensitive information by using specially crafted CSS selectors.
Author avatar

GHSL-2022-033_GHSL-2022-034: SpEL Injection in Nepxion/Discovery - CVE-2022-23463, CVE-2022-23464

Nepxion/Discovery is vulnerable to SpEL Injection in discovery-commons and a potential SSRF in discovery-plugin-admin-center.
Author avatar

GHSL-2022-025: Regular Expression Denial of Service (ReDoS) in Apache OFBiz - CVE-2022-29158

Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Specially crafted URLs may cause catastrophic backtracking, taking exponential time to complete.
Author avatar

GHSL-2022-043: Remote Code Execution (RCE) in the Chrome renderer - CVE-2022-1869

Type confusion in v8 that can lead to remote code execution in the Chrome renderer.
Author avatar

GHSL-2022-029: XSS in Toast UI Grid - CVE-2022-23458

The nhn/tui.grid component is vulnerable to XSS attacks when pasting specially crafted content into editable cells.
Author avatar

GHSL-2022-024: Regular Expression Denial of Service (ReDoS) in the Azure SDK for Java.

The Azure SDK for Java up to version 1.5.0-beta2 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it validates tenant IDs. Specially crafted IDs may cause catastrophic backtracking, taking exponential time to complete.
Author avatar

GHSL-2022-023: Regular Expression Denial of Service (ReDoS) in Apache Ignite

Apache Ignite up to version 2.12.0 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles table names when requesting primary keys through its JDBC driver. Specially crafted table names may cause catastrophic backtracking, taking exponential time to complete.
Author avatar

GHSL-2022-022: Regular Expression Denial of Service (ReDoS) in Tapestry - CVE-2022-31781

Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete.
Author avatar

GHSL-2022-021: Regular Expression Denial of Service (ReDoS) in Apache Tika - CVE-2022-30126, CVE-2022-33879

Apache Tika up to version 1.28.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles standard references in text files. Specially crafted files may cause catastrophic backtracking, taking exponential time to complete.
Author avatar

GHSL-2022-001: Deserialization vulnerability in Orckestra C1 CMS - CVE-2022-24789

Deserialization of untrusted data allows for Server Side Request Forgery (SSRF) or arbitrary file truncation.
Author avatar

GHSL-2021-1013_1028: Arbitrary code injection in nbconvert leads to several Cross-Site Scripting (XSS) vulnerabilities - CVE-2021-32862

When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to Cross-Site Scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server (eg: nbviewer)
Author avatar

GHSL-2022-039: Exponential ReDoS (Regular Expression Denial of Service) in jquery-validation - CVE-2022-31147

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method
Author avatar

GHSL-2022-046: Arbitrary Intent in WordPress for Android leads to read and write access

The WordPress for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally giving read and write access to non-exported Content Providers in WordPress for Android.
Author avatar

GHSL-2021-111: ReDoS (Regular Expression Denial of Service) in Dependency Parser - CVE-2022-39280

Dependency Parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).
Author avatar

GHSL-2022-053: Use-after-free in alias memory of the Arm Mali gpu kernel driver - CVE-2022-20186

Improper validation of input data can lead to free'd memory being accessible from the GPU, which can lead to arbitrary memory access.
Author avatar

GHSL-2022-017: Arbitrary command execution through Apache Commons Configuration - CVE-2022-33980

Attackers able to control a configuration file or property may be able to run arbitrary system commands
Author avatar

GHSL-2022-038: Use After Free (UAF) in Qualcomm NPU driver - CVE-2022-22068

There is a use-after-free vulnerability in the Qualcomm NPU driver.
Author avatar

GHSL-2022-037: Use After Free (UAF) in Qualcomm kgsl driver - CVE-2022-22057

There is a use-after-free vulnerability in the Qualcomm kgsl driver.
Author avatar

GHSL-2021-1046: Cross-site scripting (XSS) in medium.js

medium.js is prone to XSS when handling untrusted placeholder values.
Author avatar

GHSL-2022-031_GHSL-2022-032: Type confusion in Nokogiri leads to memory leak or DoS - CVE-2022-29181

Two type confusion issues while processing malicious data can be used to leak the contents of memory or cause a denial-of-service.
Author avatar

GHSL-2021-1042: XSS in Baremetrics - CVE-2021-32859

Baremetrics Date Range Picker is prone to XSS when handling untrusted placeholder entries.
Author avatar

GHSL-2022-012: Arbitrary file write during TAR extraction in Apache Hadoop - CVE-2022-26612

Function unpackEntries during TAR extraction follows symbolic links (symlinks) which allows writing outside expected base directory on Windows.
Author avatar

GHSL-2022-008: Path traversal in the OWASP Enterprise Security API (ESAPI)- CVE-2022-23457

Function getValidDirectoryPath incorrectly treats sibling of a root directory as a child.
Author avatar

GHSL-2021-1035: Cross-Site Scripting (XXS) in Cockpit Next - CVE-2021-32857

Bad HTML sanitization in htmleditor.js may lead to cross-site scripting (XSS) issues.
Author avatar

GHSL-2021-1034: HTML sanitizer bypass leading to XSS in esdoc-publish-html-plugin - CVE-2021-32858

The esdoc-publish-html-plugin HTML sanitizer can be bypassed which may lead to cross-site scripting (XSS) issues.
Author avatar

GHSL-2022-004: Partial path traversal in Apache Pinot

Partial path traversal allows to break out of expected folder.
Author avatar

GHSL-2022-002_GHSL-2022-003: Partial path traversal in Apache James Server - CVE-2022-22931

Partial path traversal allows to break out of expected folder and access another user's mailbox.
Author avatar

GHSL-2022-009: HTML content sanitization bypass allowing to execute JavaScript code in CKEditor 4 - CVE-2022-24728

The HTML content sanitization in ckeditor4 can be bypassed, enabling Javascript code to be executed in the browser.
Author avatar

GHSL-2021-070: Command injection in react-dev-utils - CVE-2020-1920

There exists a command injection in the react-dev-utils npm package, which is a part of Facebook's facebook/create-react-app repository.
Author avatar

GHSL-2021-077: Local denial of service in polkit - CVE-2021-4115

There is a file descriptor leak in polkit, which can enable an unprivileged user to cause polkit to crash, due to file descriptor exhaustion.
Author avatar

GHSL-2021-1011: Double free in accountsservice - CVE-2021-3939

accountsservice has a double-free bug, which can be triggered by an unprivileged local user, by calling the SetLanguage D-Bus method.
Author avatar

GHSL-2021-1007: SQL Injection and insufficient permission control in Nextcloud Android app - CVE-2021-43863, CVE-2021-41166

The Nextcloud Android app uses content providers to manage its data. The providers FileContentProvider and DiskLruImageCacheFileProvider have security issues (an SQL injection, and an insufficient permission control, respectively) that allow malicious apps in the same device to access Nextcloud's data bypassing the permission control system.
Author avatar

GHSL-2021-001: Command Injection and Script Injection in Saagie create and close issue workflows

The close_issue.yml and create_issue.yml GitHub workflows in saagie/sdk, saagie/technologies-plugin and saagie/technologies repositories are vulnerable to arbitrary command/script injection.
Author avatar

GHSL-2021-119: ReDoS (Regular Expression Denial of Service) in H20

H2O contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).
Author avatar

GHSL-2020-313: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of BitByte-TPC/first-bit

The auto_merge.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
Author avatar

2021

GHSL-2021-1054_GHSL-2021-1055: Unsafe Deserialization in log4j2 - CVE-2021-45046

The mitigations to restrict the hosts that a LDAP lookup can connect to, and the classes that can be deserialized are bypassable.
Author avatar

GHSL-2021-099: ReDoS (Regular Expression Denial of Service) in Solidus - CVE-2021-43805

A user of the system can provide an email address containing a specifically crafted string that will trigger a ReDoS vulnerability when checking out an order.
Author avatar

GHSL-2020-183: Arbitrary command injection in GitHub workflows of Checkstyle

The diff_report.yml and site.yml GitHub workflows are vulnerable to arbitrary command injection.
Author avatar

GHSL-2021-113: ReDoS (Regular Expression Denial of Service) in JS Beautifier

JS Beautifier contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).
Author avatar

GHSL-2021-125: Path traversal in SharpZipLib - CVE-2021-32840, CVE-2021-32841, CVE-2021-32842

SharpZipLib allows full or partial (depending on the version) traversal of the extraction path.
Author avatar

GHSL-2021-122: ReDoS (Regular Expression Denial of Service) in Frappe

Frappe contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).
Author avatar

GHSL-2021-121: ReDoS (Regular Expression Denial of Service) in StreamAlert

StreamAlert contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).
Author avatar

GHSL-2021-117: ReDoS (Regular Expression Denial of Service) in python-ldap

python-ldap contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).
Author avatar

GHSL-2021-115: ReDoS (Regular Expression Denial of Service) in Spyne

Spyne contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).
Author avatar

GHSL-2021-1033: Intent URI permission manipulation in Nextcloud News for Android - CVE-2021-41256

The Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally giving read and write access to non-exported Content Providers in Nextcloud News for Android.
Author avatar

GHSL-2021-1032: Unauthorized repository modification or secrets exfiltration from a Pull Request in Solana GitHub workflow

Explorer GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
Author avatar

GHSL-2021-082: Path traversal in SharpCompress - CVE-2021-39208

WriteEntryToDirectory used for an archive extraction is vulnerable to partial path traversal.
Author avatar

GHSL-2021-100: ReDoS (Regular Expression Denial of Service) in Octobox - CVE-2021-32848

A user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability.
Author avatar

GHSL-2021-1031: Information leak in Qualcomm npu driver - CVE-2021-1969

Information leak in Qualcomm npu driver due to use of uninitialized variable
Author avatar

GHSL-2021-102: ReDoS (Regular Expression Denial of Service) in Fluentd - CVE-2021-41186

parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack.
Author avatar

GHSL-2021-086: Unsafe Deserialization in Apache Storm supervisor - CVE-2021-40865

An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE)
Author avatar

GHSL-2021-085: Command injection in Apache Storm Nimbus - CVE-2021-38294

A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm Nimbus server allowing pre-auth Remote Code Execution (RCE)
Author avatar

GHSL-2021-120: ReDoS (Regular Expression Denial of Service) in Apprise

Apprise contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).
Author avatar

GHSL-2021-116: ReDoS (Regular Expression Denial of Service) in pydal

pydal contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).
Author avatar

GHSL-2021-112: ReDoS (Regular Expression Denial of Service) in Calibre

calibre contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).
Author avatar

GHSL-2021-1012: Poor random number generation in keypair - CVE-2021-41117

keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This would mean that the library is generating identical P, Q (and thus N) values which, in practical terms, is impossible with RSA-2048 keys. Generating identical values, repeatedly, usually indicates an issue with poor random number generation, or, poor handling of CSPRNG output.
Author avatar

GHSL-2021-118: ReDoS (Regular Expression Denial of Service) in Zulip - CVE-2021-41115

Zulip contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).
Author avatar

GHSL-2020-348: ReDoS (Regular Expression Denial of Service) in DevExtreme

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-304: ReDoS (Regular Expression Denial of Service) in CyberChef

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-292: ReDoS (Regular Expression Denial of Service) in CKEditor 5 - CVE-2021-21254

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2021-058: Disclosure of the host memory into the virtualized guest in hyperkit - CVE-2021-32847

A malicious guest can trigger a vulnerability in the host by abusing the disk driver that may lead to disclosure of the host memory into the virtualized guest.
Author avatar

GHSL-2021-054_057: Code execution outside the virtualized guest in hyperkit - CVE-2021-32843, CVE-2021-32844, CVE-2021-32845, CVE-2021-32846

A malicious guest can trigger vulnerabilities in the host by abusing certain drivers that may lead to code execution outside the virtualized guest.
Author avatar

GHSL-2021-124: Use After Free (UAF) in Chrome - CVE-2021-30528

There is a Use After Free vulnerability (UAF) in InternalAuthenticatorAndroid::InvokeIsUserVerifyingPlatformAuthenticatorAvailableResponse
Author avatar

GHSL-2021-107: ReDoS (Regular Expression Denial of Service) in python-sqlparse - CVE-2021-32839

python-sqlparse contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).
Author avatar

GHSL-2021-123: ReDoS (Regular Expression Denial of Service) in Flask RESTX - CVE-2021-32838

Flask RESTX contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).
Author avatar

GHSL-2021-108: ReDoS (Regular Expression Denial of Service) in mechanize - CVE-2021-32837

mechanize contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service).
Author avatar

GHSL-2020-123: Command injection in mscdex/ssh2 - CVE-2020-26301

The agent method has a command injection vulnerability on Windows. Clients of the mscdex/ssh2 library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.
Author avatar

GHSL-2020-112: Command injection in systeminformation - CVE-2020-26300

The si.services method has a command injection vulnerability. Clients of the systeminformation library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.
Author avatar

GHSL-2021-088_093: Code execution outside the virtualized guest in bhyve - CVE-2021-29631

A malicious guest can trigger vulnerabilities in the host by abusing certain drivers that may lead to code execution outside the virtualized guest.
Author avatar

GHSL-2021-028: ReDoS (Regular Expression Denial of Service) in mithril.js

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2021-094: Multiple RCEs in Apache Dubbo - CVE-2021-36162, CVE-2021-36163

Multiple vulnerabilities have been found in Apache Dubbo enabling attackers to compromise and run arbitrary system commands on both Dubbo consumers and providers.
Author avatar

GHSL-2021-063: Arbitrary code execution in Eclipse Keti - CVE-2021-32834

A user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox.
Author avatar

GHSL-2021-098: ReDoS in OpenProject - CVE-2021-32763

A user of the system can post a message on a forum containing a specifically crafted string that will trigger a ReDoS vulnerability.
Author avatar

GHSL-2021-072: Reflected Cross-Site Scripting (XSS) leading to Remote Code Execution (RCE) in Nuxeo - CVE-2021-32828

The oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by levering the automation API.
Author avatar

GHSL-2021-066: DoS and RCE in totaljs

An attacker can execute abitrary javascript code
Author avatar

GHSL-2021-065: Post-authentication Remote Code Execution (RCE) in ZStack REST API - CVE-2021-32829

ZStack REST API is vulnerable to post-authentication Remote Code Execution (RCE) via bypass of the Groovy shell sandbox
Author avatar

GHSL-2021-061: Command injection in @diez/generation - CVE-2021-32830

The locateFont method has a command injection vulnerability. Clients of the @diez/generation library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.
Author avatar

GHSL-2021-059: Arbitrary code execution in MockServer - CVE-2021-32827

An attacker that can trick a victim into visiting a malicious site while running MockServer locally, will be able to run arbitrary code on the MockServer machine.
Author avatar

GHSL-2021-053: Remote code execution in Proxyee-Down - CVE-2021-32826

An attacker being able to provide an extension script (eg: through a MiTM attack or by hosting a malicious extension) may be able to run arbitrary commands on the system running Proxyee-Down.
Author avatar

GHSL-2021-033: Arbitrary code execution in GitHub workflows of game-ci

The main.yml, kubernetes-tests.yml, test.yml and build-tests.yml GitHub workflows are vulnerable to arbitrary code execution.
Author avatar

GHSL-2020-364: Unauthorized repository modification or secrets exfiltration in GitHub workflows of apache/camel-website

The pr.yaml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
Author avatar

GHSL-2020-310: ReDoS (Regular Expression Denial of Service) in Rocket Chat - CVE-2021-32832

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-258: ZipSlip vulnerability in bblfshd - CVE-2021-32825

The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder.
Author avatar

GHSL-2021-073: Post-authentication unsafe reflection in NSA Emissary - CVE-2021-32647

A logged-in user can invoke the constructor of some classes with untrusted data.
Author avatar

GHSL-2020-227: Server-Side Template Injection leading to unauthenticated Remote Code Execution in SCIMono - CVE-2021-21479

A Server-Side Template Injection was identified in SCIMono enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE) vulnerability.
Author avatar

GHSL-2020-312: Regular Expression Denial of Service (ReDoS) in useragent - CVE-2020-26311

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-305: Regular Expression Denial of Service (ReDoS) in Pure JavaScript HTML5 Parser - CVE-2020-26310

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-303: Regular Expression Denial of Service (ReDoS) in nope-validator - CVE-2020-26309

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-302: Regular Expression Denial of Service (ReDoS) in validate.js - CVE-2020-26308

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-301: Regular Expression Denial of Service (ReDoS) in HTML2Markdown - CVE-2020-26307

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-296: Regular Expression Denial of Service (ReDoS) in Knwl.js - CVE-2020-26306

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-291: Regular Expression Denial of Service (ReDoS) in CommonRegexJS - CVE-2020-26305

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-290: Regular Expression Denial of Service (ReDoS) in foundation-sites - CVE-2020-26304

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-289: Regular Expression Denial of Service (ReDoS) in insane - CVE-202026303

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-254: Arbitrary file read and/or write in dotmesh - CVE-2020-26312

The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder.
Author avatar

GHSL-2021-083: Type confusion in scripttag leads to XSS - CVE-2021-32696

A type-confusion vulnerability leads scriptags to incorrectly sanitize dangerous inputs when an attacker is able to send an array (instead of a string) to the striptags function.
Author avatar

GHSL-2021-078_081: Host memory disclosure in libslirp - CVE-2021-3592, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595

The library libslirp contains three uninitialized memory vulnerabilities that may allow an attacker to leak host memory into a guest
Author avatar

GHSL-2021-074: Local privilege escalation on any Linux system that uses polkit - CVE-2021-3560

There is an authentication bypass vulnerability in polkit, which enables an unprivileged user to get authorization from polkit to perform a privileged action.
Author avatar

GHSL-2021-064: Arbitrary code execution in Netflix NdBench

An attacker may get arbitrary code execution on NDBench servers by providing arbitrary Groovy scripts.
Author avatar

GHSL-2021-034_043: Multiple pre-auth RCEs in Apache Dubbo - CVE-2021-25641, CVE-2021-30179, CVE-2021-30180, CVE-2021-30181, CVE-2021-32824

Multiple vulnerabilities have been found in Apache Dubbo enabling attackers to compromise and run arbitrary system commands on both Dubbo consumers and providers.
Author avatar

GHSL-2021-075: Path injection in Django - CVE-2021-33203

A Path Injection issue was found in django that allows a malicious admin user to disclose the presence of files on the file-system if the module django.contrib.admindocs is enabled.
Author avatar

GHSL-2020-293: Regular expression Denial of Service in react-native - CVE-2020-1920

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2021-020: File disclosure in hbs - CVE-2021-32822

By allowing template engine configuration options to be passed through the Express render API directly, downstream users of an Express template engine may inadvertently introduce insecure behavior into their applications with impacts ranging from Cross Site Scripting (XSS) to Remote Code Execution (RCE)
Author avatar

GHSL-2020-345: Regular expression Denial of Service in mootools - CVE-2021-32821

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2021-027: Regular expression Denial of Service in ProtonMail - CVE-2021-32816

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2021-025: Remote code execution and Reflected cross site scripting in haml-coffee - CVE-2021-32818

By allowing template engine configuration options to be passed through the Express render API directly, downstream users of an Express template engine may inadvertently introduce insecure behavior into their applications with impacts ranging from Cross Site Scripting (XSS) to Remote Code Execution (RCE)
Author avatar

GHSL-2021-023: Remote code execution in squirrelly - CVE-2021-32819

By allowing template engine configuration options to be passed through the Express render API directly, downstream users of an Express template engine may inadvertently introduce insecure behavior into their applications with impacts ranging from Cross Site Scripting (XSS) to Remote Code Execution (RCE)
Author avatar

GHSL-2021-019: File disclosure in express-hbs - CVE-2021-32817

By allowing template engine configuration options to be passed through the Express render API directly, downstream users of an Express template engine may inadvertently introduce insecure behavior into their applications with impacts ranging from Cross Site Scripting (XSS) to Remote Code Execution (RCE)
Author avatar

GHSL-2021-018: File disclosure in Express Handlebars - CVE-2021-32820

By allowing template engine configuration options to be passed through the Express render API directly, downstream users of an Express template engine may inadvertently introduce insecure behavior into their applications with impacts ranging from Cross Site Scripting (XSS) to Remote Code Execution (RCE)
Author avatar

GHSL-2021-026: ReDoS in NodeRedis - CVE-2021-29469

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-337_338: Arbitrary code execution when cloning/checking out a Gradle project - CVE-2021-29263

Upon cloning or checking out a Gradle project from an external repository (Get from VCS), both IntelliJ IDEA and Android Studio, run the gradle build task.
Author avatar

GHSL-2021-032: Template object injection in Mailtrain - CVE-2021-27136

Dangerous usage of the template rendering API may lead to Cross Site Scripting (XSS), file disclosure, and Remote Code Execution (RCE).
Author avatar

GHSL-2021-005: Unauthorized repository modification or secrets exfiltration in GitHub workflows of OpenRefine

The pull_request.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
Author avatar

GHSL-2021-003: Unauthorized repository modification or secrets exfiltration in GitHub workflows of alisw/alidist and alisw/ali-bot

Multiple branches of recipe-checks.yml and pr-check.yml GitHub workflows are vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
Author avatar

GHSL-2020-325: Authentication bypass in Nacos - CVE-2021-29441, CVE-2021-29442

When enabled, Nacos authentication can be bypassed which enables an attacker to access any console or REST API endpoints.
Author avatar

GHSL-2021-062: Command injection in @thi.ng/egf - CVE-2021-21412

The gpg method has a command injection vulnerability. Clients of the @thi.ng/egf library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.
Author avatar

GHSL-2021-060: Command injection in @prisma/sdk - CVE-2021-21414

The getPackedPackage method has a command injection vulnerability. Clients of the @prisma/sdk library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.
Author avatar

GHSL-2021-024: Reflected Cross Site Scripting in eta

A misuse of the ExpressJS render API can lead to insecure behaviours from Cross Site Scripting (XSS) to Remote code execution (RCE)
Author avatar

GHSL-2021-022: Remote code execution in whiskers

A misuse of the ExpressJS render API can lead to insecure behaviours from Cross Site Scripting (XSS) to Remote code execution (RCE)
Author avatar

GHSL-2021-021: Remote code execution in ejs

A misuse of the ExpressJS render API can lead to insecure behaviours from Cross Site Scripting (XSS) to Remote code execution (RCE)
Author avatar

GHSL-2020-373: Command injection in node-notifier

node-notifier recently addressed a command injection vulnerability with an insufficient fix, resulting in command injection through malicious input still being possible.
Author avatar

GHSL-2020-357: ReDoS (Regular Expression Denial of Service) in amazeui

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-352: ReDoS (Regular Expression Denial of Service) in revalidator

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-350: ReDoS (Regular Expression Denial of Service) in ng2-validation

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-339: Command Injection vulnerability in OMF

A Command Injection vulnerability has been found in Open Modeling Framework (OMF)
Author avatar

GHSL-2020-336: reflected Cross-Site scripting (XSS) in analytics-quarry-web - CVE-2020-36324

A reflected Cross-Site scripting (XSS) vulnerability has been found in analytics-quarry-web
Author avatar

GHSL-2020-130: CSRF in mongo-express

Mongo-express uses csurf middleware to protect the application against CSRF attacks. Unfortunately it does so in an incorrect way which leaves mongo-express vulnerable to the attack.
Author avatar

GHSL-2020-372: Unauthorized repository modification or secrets exfiltration in GitHub workflows of 418sec/huntr

The process-disclosure.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
Author avatar

GHSL-2021-047: unauthorized repository modification or secrets exfiltration in GitHub workflows of zwavejs2mqtt

The zwave-js-bot.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration.
Author avatar

GHSL-2021-046: Command injection in a GitHub workflow of AmazeFileManager

The android-debug-artifact-ondemand.yml GitHub workflow is vulnerable to command injection.
Author avatar

GHSL-2021-044: Command injection in a GitHub workflow of Homebrew/brew

The vendor-gems.yml GitHub workflow is vulnerable to command injection.
Author avatar

GHSL-2020-131: Remote Code Execution in mongo-express - CVE-2020-24391

Mongo-express uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to RCE in the context of the node server.
Author avatar

GHSL-2020-050: Arbitrary code execution in Pebble Templates

When Spring integration is enabled, an attacker that is able to modify Template contents may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container.
Author avatar

GHSL-2020-021: Bypass input sanitization of EL expressions in Eclipse-EE4J

A bug in the `ELParserTokenManager` enables invalid EL expressions to be evaluated as if they were valid, enabling attackers to bypass input sanitation.
Author avatar

GHSL-2021-052: Potential local Denial of Service in systemd

There is an infinite loop in systemd-ask-password, due to an integer overflow in an error handling code path. The bug can be triggered by entering an invalid unicode character followed by backspace.
Author avatar

GHSL-2021-049: Type confusion vulnerability in the varlink interface of systemd-resolved

There is potential type confusion vulnerability in the varlink interface of systemd-resolved. This is due to the userdata field of the Varlink struct being used to store two unrelated datatypes: Manager and DnsQuery.
Author avatar

GHSL-2021-045: Integer Overflow in GLib - CVE-2021-27219

The function g_bytes_new has an integer overflow due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to a memory corruption vulnerability.
Author avatar

GHSL-2020-358: Regular expression Denial of Service in Schema-Inspector

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-331: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of appsmith

The client.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
Author avatar

GHSL-2020-323: Template injection in a GitHub workflow of geek-cookbook

The 'on-push-master-notify-discord.yml' GitHub workflow is vulnerable to template injection.
Author avatar

GHSL-2020-235: Arbitrary command injection in wayou/turn-issues-to-posts-action

The turn-issues-to-posts action is vulnerable to arbitrary command injection.
Author avatar

GHSL-2020-277: Unauthorized repository modification or secrets exfiltration in GitHub workflows of w3c/aria-practices

The coverage-report.yml and generate-and-commit-files.yml GitHub workflows are vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
Author avatar

GHSL-2020-375: Use-after-free (UaF) in Qualcomm kgsl driver - CVE-2020-11239

Use-after-free in kgsl_ioctl_gpuobj_import and kgsl_ioctl_map_user_mem of the Qualcomm kgsl driver
Author avatar

GHSL-2020-273: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of numworks/epsilon

The metrics-workflow.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
Author avatar

GHSL-2021-009: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of lijinke666/react-music-player

The surge-preview.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
Author avatar

GHSL-2021-008: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of actions-cool/issue-helper

The surge-preview.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
Author avatar

GHSL-2020-349: ReDoS (Regular Expression Denial of Service) in date-and-time - CVE-2020-26289

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-343: ReDoS (Regular Expression Denial of Service) in Vant

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-314: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of s4u/pgpverify-maven-plugin

The pr.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
Author avatar

GHSL-2020-287: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of jdf2e/nutui

The preview.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
Author avatar

GHSL-2020-270: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of ant-design-colorful

The preview.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
Author avatar

GHSL-2020-269: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of alibaba/hooks

The preview.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
Author avatar

GHSL-2020-268: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of umijs/dumi

The preview.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
Author avatar

GHSL-2020-267: Unauthorized repository modification or secrets exfiltration in GitHub workflows of Antvis repositories

Multiple Antvis GitHub workflows are vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
Author avatar

GHSL-2020-266: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of afc163/surge-preview

The design and promoted usage examples of afc163/surge-preview GitHub action makes the consuming workflows vulnerable to arbitrary code execution. The repository of afc163/surge-preview GitHub action falls into the same trap and is vulnerable to arbitrary code execution.
Author avatar

GHSL-2020-265: Unauthorized repository modification or secrets exfiltration in GitHub workflows of didi/cube-ui and didi/mand-mobile

The cube-ui/preview.yml and mand-mobile/preview.yml GitHub workflows are vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
Author avatar

GHSL-2020-264: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of youan/vant

The preview.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
Author avatar

GHSL-2020-246: Unauthorized repository modification or secrets exfiltration in GitHub workflows of ant-design

The ant-design/ui.yml, ant-design-pro/preview.yml and pro-components/preview.yml GitHub workflows are vulnerable to arbitrary code execution.
Author avatar

GHSL-2020-048: Remote Code Execution in Apache Velocity - CVE-2020-13936

When Velocity templates are used in the context of a VelocityView an attacker that is able to modify Template contents may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container.
Author avatar

GHSL-2020-359: ReDoS (Regular Expression Denial of Service) in etherpad-lite

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-335: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of libpasta

The ci.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
Author avatar

GHSL-2021-048: Unauthorized repository modification or secrets exfiltration in several GitHub workflows of linebender

The bloat.yml GitHub workflow in linebender/druid, linebender/runebender and linebender/norad is vulnerable to unauthorized modification of the base repository or secrets exfiltration.
Author avatar

GHSL-2021-016: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of Tautulli

The pull-requests.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
Author avatar

GHSL-2020-329: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of Automattic/jetpack

The dangerci.yml GitHub workflow is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request.
Author avatar

GHSL-2021-030: ReDoS (Regular expression Denial of Service in CodeMirror

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2021-017: Command injection in teal-language/tl workflow

The playground.yml GitHub workflow is vulnerable to arbitrary command injection.
Author avatar

GHSL-2021-015: Command injection in a2o/snoopy workflow

The code-qa-sonarcloud.yml GitHub workflow is vulnerable to arbitrary command injection.
Author avatar

GHSL-2021-014: Command injection in benjamin-maynard/kubernetes-cloud-mysql-backup workflow

GitHub workflow in benjamin-maynard/kubernetes-cloud-mysql-backup GitHub repository is vulnerable to arbitrary command injection.
Author avatar

GHSL-2021-013: Command injection in pythonpune/meetup-talks workflow

GitHub workflow in pythonpune/meetup-talks repository is vulnerable to arbitrary command injection.
Author avatar

GHSL-2021-012: Command injection in alan-turing-institute/binderhub-deploy workflow

GitHub workflow in alan-turing-institute/binderhub-deploy GitHub repository is vulnerable to arbitrary command injection.
Author avatar

GHSL-2021-011: Command injection in itpp-labs workflows

The DINAR-PORT.yml GitHub workflow in itpp-labs/misc-addons, itpp-labs/website-addons, itpp-labs/access-addons, itpp-labs/l10n-addons, itpp-labs/mail-addons, itpp-labs/pos-addons and itpp-labs/sync-addons repositories is vulnerable to arbitrary command injection.
Author avatar

GHSL-2021-010: Command injection in getsentry/onpremise workflow

The validate-new-issue.yml GitHub workflow is vulnerable to arbitrary command injection.
Author avatar

GHSL-2021-007: Arbitrary code execution and shell command injection in dmlc/gluon-nlp workflows

The buildwebsite.yml and unittests-gpu.yml GitHub workflows are vulnerable to arbitrary code execution.
Author avatar

GHSL-2021-006: Arbitrary code execution in Decathlon/vitamin-web workflow

The build-pr.yml GitHub workflow is vulnerable to arbitrary code execution.
Author avatar

GHSL-2021-004: Arbitrary code execution in aeraki workflows

The e2e-thrift.yaml, e2e-dubbo.yaml and e2e-kafka-zookeeper.yaml GitHub workflows are vulnerable to arbitrary code execution.
Author avatar

GHSL-2020-371: Arbitrary code execution in tophat workflows

The GitHub workflows pull-request.yml in multiple branches of tophat/networkjs, tophat/commit-utils, tophat/commit-watch, tophat/sanity-runner and commit-watch.yml in tophat/commit-watch are vulnerable to arbitrary code execution.
Author avatar

GHSL-2020-370: Arbitrary code execution and shell command injection in rhinstaller/anaconda workflows

The validate.yml and kickstart-tests.yml GitHub workflows are vulnerable to arbitrary code execution.
Author avatar

GHSL-2020-369: Arbitrary code execution in nrfconnect/sdk-nrf workflow

The docbuild.yml GitHub workflow is vulnerable to arbitrary code execution.
Author avatar

GHSL-2020-334: Arbitrary code execution in gsantner workflows

The gsantner/markor build-android-project.yml, gsantner/memetastic build-android-project.yml and gsantner/dandelion link-validator.yml GitHub workflows are vulnerable to arbitrary code execution.
Author avatar

GHSL-2020-333: Arbitrary code execution in osohq/oso workflow

The bench.yml GitHub workflow is vulnerable to arbitrary code execution.
Author avatar

GHSL-2020-332: Arbitrary code execution in a2o/snoopy workflow

The code-qa-sonarcloud.yml GitHub workflow is vulnerable to arbitrary code execution.
Author avatar

GHSL-2020-327: Arbitrary code execution in dmlc/gluon-cv workflow

The ci.yml GitHub workflow is vulnerable to arbitrary code execution.
Author avatar

GHSL-2020-319: Arbitrary code execution in pangeo-data/climpred workflows

The climpred_installs.yml and climpred_testing.yml GitHub workflows in multiple branches are vulnerable to arbitrary code execution.
Author avatar

GHSL-2020-316: Arbitrary code execution in indico/newdle workflow

The migration-sql.yml GitHub workflow is vulnerable to arbitrary code execution.
Author avatar

GHSL-2020-274: Arbitrary code execution in v8/v8.dev workflow

The pr-preview.yml GitHub workflow is vulnerable to arbitrary code execution.
Author avatar

GHSL-2020-257: The unsafe handling of symbolic links in an unpacking routine in oras - CVE-2021-21272

The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder.
Author avatar

GHSL-2020-245: Arbitrary code execution in strimzi/strimzi-ui workflow

The node-pr-jobs-secure.yml GitHub workflow is vulnerable to arbitrary code execution.
Author avatar

GHSL-2020-244: Arbitrary code execution and shell command injection in nonebot/nonebot2 workflow

The api_docs.yml GitHub workflow is vulnerable to arbitrary code execution and shell command injection.
Author avatar

GHSL-2020-242: Command injection in telegramdesktop/tdesktop workflow

The user_agent_updater.yml GitHub workflow is vulnerable to arbitrary command injection.
Author avatar

GHSL-2020-241: Arbitrary code execution and shell command injection in getsentry/sentry workflow

The acceptance.yml GitHub workflow is vulnerable to arbitrary code execution and shell command injection.
Author avatar

GHSL-2020-240: Command injection in scikit-learn/scikit-learn workflow

The sync_pull_request.yml GitHub workflow is vulnerable to arbitrary command injection.
Author avatar

GHSL-2020-239: Command injection in NVIDIA/spark-rapids workflow

The blossom-ci.yml GitHub workflow is vulnerable to arbitrary command injection.
Author avatar

GHSL-2020-234: Command injection in DataBiosphere/terra-workspace-manager workflow

The preview-manage.yml GitHub workflow is vulnerable to arbitrary command injection.
Author avatar

GHSL-2020-233: Command injection in ONSdigital workflows

The comment.yml and main.yml GitHub workflows are vulnerable to arbitrary command injection.
Author avatar

GHSL-2020-232: Command injection in wireapp/wire-webapp workflow

The test_build_deploy.yml GitHub workflow is vulnerable to arbitrary command injection.
Author avatar

GHSL-2020-231: Command injection in graphql-dotnet workflows

The wipcheck.yml GitHub workflow in graphql-dotnet/graphql-dotnet, graphql-dotnet/server, graphql-dotnet/parser and graphql-dotnet/authorization repositories is vulnerable to arbitrary command injection.
Author avatar

GHSL-2020-230: Command injection in aws/aws-sam-cli worflow

The pr_title.yml GitHub workflow is vulnerable to arbitrary command injection.
Author avatar

GHSL-2020-229: Command injection in allenevans/set-env workflow

The release.yml GitHub workflow is vulnerable to arbitrary command injection.
Author avatar

GHSL-2020-206: Command and template injections in Saagie workflows

GitHub workflows in saagie/technologies, saagie/technologies-plugin and saagie/sdk repositories are vulnerable to arbitrary code execution.
Author avatar

GHSL-2020-195: Arbitrary file write in dd-center/vdb workflow

The submit.yml GitHub workflow is vulnerable to arbitrary file write.
Author avatar

GHSL-2020-194: Command injection in drewmullen/actions-playground workflows

The comment.yml and output_comment.yml GitHub workflows are vulnerable to arbitrary command injection.
Author avatar

GHSL-2020-193: Command injection in Ignitus/Ignitus-client workflow

The pr-preview.yml GitHub workflow is vulnerable to arbitrary command injection.
Author avatar

GHSL-2020-191: Command injection in KanCraft/kanColleWidget workflow

The contrib-notice.yml GitHub workflow is vulnerable to arbitrary command injection.
Author avatar

GHSL-2020-190: Command injection in fortran-lang/fortran-lang.org workflow

The gen_tweet.yaml GitHub workflow is vulnerable to arbitrary command injection.
Author avatar

GHSL-2020-186: Command injection in thomaseizinger/github-action-gitflow-release-workflow

The draft-new-release.yml GitHub workflow is potentially vulnerable to arbitrary command injection.
Author avatar

GHSL-2020-185: Arbitrary code execution in Plugins Verified by Homebridge workflow

The plugin-prechecks.yml GitHub workflow is vulnerable to arbitrary code execution.
Author avatar

GHSL-2020-182: Code injection in JonathanGin52/JonathanGin52 workflow

The connect4.yml GitHub workflow is vulnerable to arbitrary code injection.
Author avatar

GHSL-2020-171: Command injection in arduino/arduino-cli workflow

The jira-issue.yaml GitHub workflow is vulnerable to arbitrary command injection.
Author avatar

GHSL-2020-150: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in china-live/QQConnect

QQConnect is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges and per-user denial of service (DoS).
Author avatar

GHSL-2020-148: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in anjoy8/ChristDDD

ChristDDD is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges and per-user denial of service (DoS).
Author avatar

GHSL-2020-147: Cross-Site Request Forgery (CSRF) in Sustainsys/Saml2

Saml2 is vulnerable to a Cross-Site Request Forgery (CSRF) that may lead per-user denial of service (DoS).
Author avatar

GHSL-2020-146: Arbitrary file overwrite, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in dotnet-architecture/eShopOnWeb

eShopOnWeb is vulnerable to an Arbitrary File Overwrite, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges, per-user denial of service (DoS) and Remote Code Execution (RCE).
Author avatar

GHSL-2020-308: ReDoS (Regular Expression Denial of Service) in TinyMCE

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-299: ReDoS (Regular Expression Denial of Service) in simple-markdown

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-294: ReDoS (Regular Expression Denial of Service) in jquery.validation - CVE-2021-21252

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-214_223: 10 CVEs in OneDev ranging from pre-auth Remote Code Execution (RCE) to Arbitrary File Read/Write

Multiple vulnerabilities were found in the OneDev project ranging from pre-auth Remote Code Execution (RCE) to Arbitrary File Read/Write
Author avatar

GHSL-2020-201: Prototype pollution in theia/plugin-ext

Prototype pollution in mergeContents and parseConfigurationData functions.
Author avatar

GHSL-2020-160: Prototype pollution in Merge-deep

Merge-deep actively attempts to prevent prototype pollution by blocking object property merges into __proto__, however it still allows for prototype pollution of Object.prototype via a constructor payload.
Author avatar

GHSL-2020-070: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Apache OfBiz

Apache OfBiz is vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE)
Author avatar

GHSL-2020-067: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Apache OfBiz

Apache OfBiz is vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE)
Author avatar

GHSL-2020-066: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Apache OfBiz

Apache OfBiz is vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE)
Author avatar

GHSL-2020-311: Regular Expression Denial of Service in SquadCal

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-309: Regular Expression Denial of Service in Fast-csv - CVE-2020-26256

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-307: Regular Expression Denial of Service in CodeMirror

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-306: Regular Expression Denial of Service in highlight.js

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-300: Regular Expression Denial of Service in markdown-to-jsx

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-298: Regular Expression Denial of Service in Metro-UI-CSS

The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service)
Author avatar

GHSL-2020-262: Unsafe handling of symbolic links in go-slug unpacking routine - CVE-2020-29529

The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder.
Author avatar

GHSL-2020-261: Unsafe handling of symbolic links in oc unpacking routine - CVE-2020-27833

The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder.
Author avatar

GHSL-2020-256: Unsafe handling of symbolic links in dbdeployer unpacking routine - CVE-2020-26277

The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder.
Author avatar

GHSL-2020-252: Unsafe handling of symbolic links in archiver unpacking routine

The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder.
Author avatar

GHSL-2020-213: Server-Side Template Injection in BrowserUp Proxy - CVE-2020-26282

A Server-Side Template Injection was identified in BrowserUp Proxy enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability.
Author avatar

2020

GHSL-2020-330: Unauthorized repository modification or secrets exfiltration in two akka repositories

Two GitHub workflows of alpakka-kafka and akka-grpc are vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
Author avatar

GHSL-2020-320: Unauthorized repository modification or secrets exfiltration in illright/attractions repository

A GitHub workflow of illright/attractions is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
Author avatar

GHSL-2020-318: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of popsim-consortium/stdpopsim

A GitHub workflow of popsim-consortium/stdpopsim is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
Author avatar

GHSL-2020-317: Unauthorized repository modification or secrets exfiltration in gpuweb/cts repository

A GitHub workflow of gpuweb/cts is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
Author avatar

GHSL-2020-315: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of rux616/karabiner-windows-mode

A GitHub workflow of rux616/karabiner-windows-mode is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
Author avatar

GHSL-2020-288: Unauthorized repository modification or secrets exfiltration in GitHub workflows comsuming awslabs/one-line-scan

The design and promoted usage examples of awslabs/one-line-scan makes consuming workflows vulnerable to arbitrary code execution
Author avatar

GHSL-2020-286: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of PureStake/moonbeam

A GitHub workflow of PureStake/moonbeam is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
Author avatar

GHSL-2020-285: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of cloudevents/sdk-ruby

A GitHub workflow of cloudevents/sdk-ruby is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
Author avatar

GHSL-2020-284: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of dazuma/toys

A GitHub workflow of dazuma/toys is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
Author avatar

GHSL-2020-283: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of GoogleCloudPlatform/functions-framework-ruby

A GitHub workflow of GoogleCloudPlatform/functions-framework-ruby is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
Author avatar

GHSL-2020-282: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of open-telemetry/opentelemetry-ruby

A GitHub workflow of open-telemetry/opentelemetry-ruby is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
Author avatar

GHSL-2020-281: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of tskit-dev/msprime

A GitHub workflow of tskit-dev/msprime is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
Author avatar

GHSL-2020-279: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of is-a-dev/register

A GitHub workflow of is-a-dev/register is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
Author avatar

GHSL-2020-278: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of stm32-rs/stm32-rs

A GitHub workflow of stm32-rs/stm32-rs is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
Author avatar

GHSL-2020-276: Unauthorized repository modification or secrets exfiltration in nuxt repositories

Two GitHub workflows of nuxt/create-nuxt-app and nuxt/modules are vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
Author avatar

GHSL-2020-272: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of lampepfl/dotty

A GitHub workflow of lampepfl/dotty is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
Author avatar

GHSL-2020-271: Unauthorized repository modification or secrets exfiltration in the GitHub workflow of openzfs/zfs

A GitHub workflow of openzfs/zfs is vulnerable to unauthorized modification of the base repository or secrets exfiltration from a Pull Request
Author avatar

GHSL-2020-205: Remote Code Execution in Apache Struts 2 - S2-061 - CVE-2020-17530

Double evaluation of Struts tag dynamic attributes leads to Remote Code Execution
Author avatar

GHSL-2020-192, GHSL-2020-196: File existence disclosure in aptdeamon - CVE-2020-16128

Two vulnerabilities in aptdaemon allow an unprivileged user to probe the existence of arbitrary files on the system
Author avatar

GHSL-2020-168, GHSL-2020-169, GHSL-2020-170: Integer overflows and file descriptor leak in aptd - CVE-2020-27349, CVE-2020-27350, CVE-2020-27351

Some aptd deamon packages contain several bugs which an unprivileged user can exploit to trigger a local denial of service
Author avatar

GHSL-2020-212: Template injection in Cron-utils - CVE-2020-26238

A Template Injection was identified in Cron-Utils enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE) vulnerability
Author avatar

GHSL-2020-211: Template injection in a GitHub workflow of namin2/dependabot_jira repository

The GitHub workflow template in namin2/dependabot_jira repository is vulnerable to template injection from user comments
Author avatar

GHSL-2020-210: Template injection in the GitHub workflow of hyperspacedev/starlight repository

Automatic GitHub workflow in hyperspacedev/starlight repository is vulnerable to template injection from user comments
Author avatar

GHSL-2020-209: Template injection in a GitHub workflow of ww-tech/primrose repository

Automatic GitHub workflow in ww-tech/primrose repository is vulnerable to template injection from user comments
Author avatar

GHSL-2020-208: Template injection in a GitHub workflow of SourcePointUSA/android-cmp-app repository

Automatic GitHub workflow in SourcePointUSA/android-cmp-app repository is vulnerable to template injection from user comments
Author avatar

GHSL-2020-207: Template injection in a GitHub workflow of repository hashicorp/boundary-ui

Automatic GitHub workflow in hashicorp/boundary-ui repository is vulnerable to template injection from user comments
Author avatar

GHSL-2020-204: Server-Side Template Injection in Corona Warn App Server

A Server-Side Template Injection was identified in Corona Warn App Server enabling attackers to inject arbitrary Java EL expressions, leading to un-auth Remote Code Execution (RCE) vulnerability
Author avatar

GHSL-2020-181: Template injection in the GitHub workflows of symless synergy-core repository

Automatic GitHub workflows in symless synergy-core repository are vulnerable to template injection from user comments
Author avatar

GHSL-2020-180: Template injection in the GitHub workflows of helm-ssm repository

Automatic GitHub workflows in helm-ssm repository are vulnerable to template injection from user comments
Author avatar

GHSL-2020-179: Template injection in the GitHub workflows of codacy-coverage-reporter-action repository

Automatic GitHub workflows in codacy-coverage-reporter-action repository are vulnerable to template injection from user comments
Author avatar

GHSL-2020-178: Template injection in the GitHub workflows of bitbucket-scala-client repository

Automatic GitHub workflows in bitbucket-scala-client repository are vulnerable to template injection from user comments
Author avatar

GHSL-2020-177: Template injection in the GitHub workflows of codacy-plint repository

Automatic GitHub workflows in codacy-pylint repository are vulnerable to template injection from user comments
Author avatar

GHSL-2020-176: Template injection in the GitHub workflows of codacy-scalameta repository

Automatic GitHub workflows in codacy-scalameta repository are vulnerable to template injection from user comments
Author avatar

GHSL-2020-175: Template injection in the GitHub workflows of codacy-analysis-cli repository

Automatic GitHub workflows in codacy-analysis-cli repository are vulnerable to arbitrary code execution from user comments
Author avatar

GHSL-2020-174: Template injection in the GitHub workflows of codacy-coverage-reporter repository

Automatic GitHub workflows in codacy-coverage-reporter repository are vulnerable to template injection from user comments
Author avatar

GHSL-2020-173: Undocumented template expression evaluation in the gajira-comment GitHub action - CVE-2020-14189

The gajira-comment GitHub action supports undocumented template syntax that may lead to arbitrary code execution
Author avatar

GHSL-2020-172: Undocumented template expression evaluation in the gajira-create GitHub action - CVE-2020-14188

The gajira-create GitHub action supports undocumented template syntax that may lead to arbitrary code execution
Author avatar

GHSL-2020-137: Unsafe deserialization in Lumisoft Mail Server

Unsafe deserialization vulnerablities may lead to pre-auth Remote Code Execution (RCE) in Lumisoft MailServer
Author avatar

GHSL-2020-136: Unsafe deserialization vulnerabilties in Lumisoft .NET and Lumisoft MailServer

Unsafe deserialization vulnerablities may lead to pre-auth Remote Code Execution (RCE) in Lumisoft .NET and Lumisoft MailServer
Author avatar

GHSL-2020-142: Heap memory corruption in png-img - CVE-2020-28248

The NAN bindings provided by png-img for libpng are vulnerable to an integer overflow which results in an underallocation of heap memory and subsequent heap memory corruption.
Author avatar

GHSL-2020-202: Local Privilege Escalation (LPE) in Ubuntu gdm3 - CVE-2020-16125

gdm3 can be tricked into launching `gnome-initial-setup`, enabling an unprivileged user to create a new user account for themselves. The new account is a member of the `sudo` group, so this enables the unprivileged user to obtain admin privileges
Author avatar

GHSL-2020-187: Denial of Service (DoS) in Ubuntu accountsservice - CVE-2020-16126 - CVE-2020-16127

The accountsservice daemon drops privileges to perform certain operations, but in some cases gives unprivileged users permission to send signals. This means that the unprivileged user can send accounts-daemon a `SIGSTOP` signal, which stops the process and causes a denial of service
Author avatar

GHSL-2020-158: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in AspNetCoreMvcSharedLocalization

AspNetCoreMvcSharedLocalization is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges and per-user denial of service (DoS)
Author avatar

GHSL-2020-156: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in IdentityWithoutEF

IdentityWithoutEF is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges and per-user denial of service (DoS)
Author avatar

GHSL-2020-155: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in reactjs-ts-identityserver

reactjs-ts-identityserver is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges and per-user denial of service (DoS)
Author avatar

GHSL-2020-154: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in OnionArch

OnionArch is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges and per-user denial of service (DoS).
Author avatar

GHSL-2020-153: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in dapper-identity

dapper-identity is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges and per-user denial of service (DoS)
Author avatar

GHSL-2020-152: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in DualAuthCore

DualAuthCore is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges and per-user denial of service (DoS)
Author avatar

GHSL-2020-151: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in little-aspnetcore-todo

little-aspnetcore-todo is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges and per-user denial of service (DoS)
Author avatar

GHSL-2020-149: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in Angular-Core-IdentityServer

Angular-Core-IdentityServer is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges and per-user denial of service (DoS)
Author avatar

GHSL-2020-141: Arbitrary code execution in DatabaseSchemaReader - CVE-2020-26207

DatabaseSchemaReader's tool DatabaseSchemaViewer is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted .dbschema file
Author avatar

GHSL-2020-143: Arbitrary Code Execution in FastReports - CVE-2020-27998

FastReports is vulnerable to arbitrary code execution because it compiles and runs C# code from a report template
Author avatar

GHSL-2020-157: Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) in IdentityManager

IdentityManager is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges and per-user denial of service (DoS).
Author avatar

GHSL-2020-134: NULL dereference in Samba - CVE-2020-14323

An unprivileged local user may trigger a NULL dereference bug in Samba's Winbind service leading to Denial of Service (DoS)
Author avatar

GHSL-2020-074, 077, 078: Memory corruptions in HPLIP - CVE-2020-6923

HPLIP contains two memory corruption vulnerabilities which can be triggered by a malicious device or computer that is connected to the same network.
Author avatar

GHSL-2020-113: Command injection vulnerability in limdu - CVE-2020-4066

The `trainBatch` function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability
Author avatar

GHSL-2020-097: Missing hostname validation in twitter-stream - CVE-2020-24392

Missing hostname validation allows an attacker to perform a monster in the middle attack against users of the library.
Author avatar

GHSL-2020-096: Missing hostname validation in tweetstream - CVE-2020-24393

Missing hostname validation allows an attacker to perform a monster in the middle attack against users of tweetstream
Author avatar

GHSL-2020-145: Command injection on Windows in Opener

Although code execution is part of the intended purpose of Opener, a crafted url can run an arbitrary shell command rather than just launching a browser.
Author avatar

GHSL-2020-140: Open redirect in Traefik - CVE-2020-15129

There exists a potential open redirect vulnerability in Traefik's handling of the `X-Forwarded-Prefix` header.
Author avatar

GHSL-2020-132: SQL Injection in Mailtrain - CVE-2020-24617

SQL injection and missing CSRF protection may lead to Remote Code Execution (RCE) or arbitrary file read.
Author avatar

GHSL-2020-126: Open URL redirect in Orange Forum 1.x.x

There exists an `Open URL redirect` vulnerability in the 1.x.x branch of Orange Forum. An attacker can send an Orange Forum user a crafted link targeting the login page of Orange Forum, redirecting to a malicious site.
Author avatar

GHSL-2020-133: Path traversal vulnerability in Adobe git-server - CVE-2020-9708

Malicious users may access any Git repository on the server even if it is outside the served root directory
Author avatar

GHSL-2020-109: Command injection in codecov

The `upload` method has a command injection vulnerability. Clients of the `codecov-node` library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.
Author avatar

GHSL-2020-095 : Monster in the middle attack in em-imap - CVE-2020-13163

Missing hostname validation allows an attacker to perform a monster in the middle attack against users of the library.
Author avatar

GHSL-2020-076: Server-Side Template Injection in Cascade CMS

A user with privileges to edit templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Cascade CMS.
Author avatar

GHSL-2020-046: Server-Side Template Injection in XWiki

A user with privileges to edit wiki content may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running XWiki.
Author avatar

GHSL-2020-042: Server-Side Template Injection in Crafter CMS

A user with privileges to edit a FreeMarker template may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Crafter CMS.
Author avatar

GHSL-2020-086, 087, 088, 089 - Server-Side Template Injection in Apache Camel - CVE-2020-11994

Apache Camel FreeMarker, Velocity, MVEL and Moustache components are vulnerable to Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) or Arbitrary File Disclosure.
Author avatar

GHSL-2020-069: Unsafe deserialization of XMLRPC arguments in ApacheOfBiz - CVE-2020-9496

Apache OfBiz is vulnerable to pre-auth Remote Code Execution (RCE) via unsafe deserialization.
Author avatar

GHSL-2020-068: Cross-Site Scripting in Apache OfBiz - CVE-2020-9496

Apache OfBiz is vulnerable to Reflected Cross-Site Scripting through POST request
Author avatar

GHSL-2020-111: Command injection vulnerability in standard-version

The GitHub Security Lab team has identified a potential security vulnerability in standard-version.
Author avatar

GHSL-2020-072: Arbitrary file disclosure in JinJava - CVE-2020-12668

A user with privileges to write JinJava templates, for example in a CMS context, will be able to read arbitrary files from the file system.
Author avatar

GHSL-2020-071: Server-side template injection in Lithium CMS

A user with privileges to edit a FreeMarker template may execute arbitrary Java code or run arbitrary system commands with escalated privileges.
Author avatar

GHSL-2020-047: Server-side template injection in dotCMS

A user with privileges to edit templates may execute arbitrary Java code or run arbitrary system commands with escalated privileges.
Author avatar

GHSL-2020-045: Server-side template injection in Atlassian Confluence - CVE-2020-4027

A user with privileges to edit User macros may execute arbitrary Java code or run arbitrary system commands with escalated privileges.
Author avatar

GHSL-2020-043: Server-side template injection in Liferay - CVE-2020-13445

A user with privileges to edit FreeMarker or Velocity templates may execute arbitrary Java code or run arbitrary system commands with escalated privileges.
Author avatar

GHSL-2020-039: Server-side template injection in Alfresco - CVE-2020-12873

A user with privileges to edit a FreeMarker template may execute arbitrary Java code or run arbitrary system commands with escalated privileges.
Author avatar

GHSL-2020-058: OOB read in Apache Guacamole prior to 1.2.0 - CVE-2020-9497

The GitHub Security Lab uncovered an OOB read vulnerability in Apache Guacamole prior to version 1.2.0 which may lead to information leak.
Author avatar

GHSL-2020-128: OOB read vulnerability in FreeRDP RLEDECOMPRESS - CVE-2020-4033

The GitHub Security Lab team has uncovered an OOB read vulnerability in FreeRDP's RLEDECOMPRESS function.
Author avatar

GHSL-2020-125: integer signedness mismatch vulnerability in FreeRDP leads to OOB read - CVE-2020-4032

The GitHub Security Lab team has uncovered an integer signedness mismatch vulnerability in FreeRDP's update_recv_secondary_order function which leads to an OOB read vulnerability.
Author avatar

GHSL-2020-124: OOB read vulnerability in FreeRDP update_recv_primary_order - CVE-2020-11095

The GitHub Security Lab team has uncovered an OOB read vulnerability in FreeRDP's update_recv_primary_order function.
Author avatar

GHSL-2020-107: OOB read vulnerability in FreeRDP update_read_cache_bitmap_v3_order - CVE-2020-11096

The GitHub Security Lab team uncovered an OOB read vulnerability in FreeRDP's update_read_cache_bitmap_v3_order function.
Author avatar

GHSL-2020-106: integer signedness mismatch leading to OOB read in FreeRDP - CVE-2020-4030

The GitHub Security Lab team has uncovered an integer signedness mismatch vulnerability in FreeRDP leading to OOB read.
Author avatar

GHSL-2020-105: OOB read vulnerability in FreeRDP glyph_cache_put - CVE-2020-11098

The GitHub Security Lab team uncovered an OOB read vulnerability in FreeRDP's glyph_cache_put function
Author avatar

GHSL-2020-104: OOB read vulnerability in FreeRDP ntlm_av_pair_get - CVE-2020-11097

The GitHub Security Lab team uncovered an OOB read vulnerability in FreeRDP's ntlm_av_pair_get function.
Author avatar

GHSL-2020-103: OOB read vulnerability in FreeRDP license_read_new_or_upgrade_license_packet - CVE-2020-11099

The GitHub Security Lab team uncovered an OOB read vulnerability in FreeRDP's license_read_new_or_upgrade_license_packet function.
Author avatar

GHSL-2020-122: Command injection in git-diff-apply

The GitHub Security Lab team has identified a potential remote code execution in git-diff-apply.
Author avatar

GHSL-2020-110: Command Injection in mversion

The GitHub Security Lab team has identified a potential remote code execution in mversion
Author avatar

GHSL-2020-119: command injection vulnerability in node-dns-sync resolve method - CVE-2020-11079

The Github team has identified a command injection vulnerability in the resolve method of the node-dns-sync library.
Author avatar

GHSL-2020-102: Heap overflow in FreeRDP crypto_rsa_common - CVE-2020-13398

The GitHub Security Lab team has identified a heap overflow in FreeRDP's crypto_rsa_common function.
Author avatar

GHSL-2020-101: NULL dereference in FreeRDP FIPS routines - CVE-2020-13397

The GitHub Security Lab team identified a NULL dereference in FreeRDP's libfreerdp.
Author avatar

GHSL-2020-100: Out of Bounds (OOB) read vulnerability in FreeRDP - CVE-2020-13396

The GitHub Security Lab team has identified an Out of Bounds read vulnerability in FreeRDP's ntlm_read_ChallengeMessage function.
Author avatar

GHSL-2020-099: mXSS vulnerability in AngularJS

The GitHub Security Lab team has found a potential mXSS vulnerabulity in AngularJS.
Author avatar

GHSL-2020-094: Missing SSL/TLS certificate hostname validation in em-http-request - CVE-2020-13482

The GitHub Security Lab team uncovered a missing hostname validation vulnerability in the em-http-request library that allows an attacker to perform a Person In The Middle (PITM) attack against users of the library.
Author avatar

GHSL-2020-075, GHSL-2020-079, GHSL-2020-080, GHSL-2020-081, GHSL-2020-082, GHSL-2020-083, GHSL-2020-084: Multiple vulnerabilities in SANE Backends (DoS, RCE)

The GitHub Security Lab team identified multiple memory corruption vulnerabilities in SANE Backends which may lead to Denial of Service (DoS) and Remote Code Execution (RCE).
Author avatar

GHSL-2020-064: integer overflow in LibVNCClient HandleCursorShape resulting in remote heap overflow - CVE-2019-20788

The GitHub Security Lab team detected an integer overflow in LibVNCClient HandleCursorShape RFB event handler.
Author avatar

GHSL-2020-057: dbus file descriptor leak (DoS) - CVE-2020-12049

The GitHub Security Lab team has identified a file descriptor leak in dbus that can lead to local Denial of Service.
Author avatar

GHSL-2020-073: Path traversal in Jooby - CVE-2020-7647

The GitHub Security Lab team has identified a path traversal vulnerability in Jooby that can lead to information disclosure.
Author avatar

GHSL-2020-055: Server-Side Template Injection in Apache Syncope (RCE) - CVE-2019-17557

The GitHub Security Lab team has identified several potential security vulnerabilities in Apache Syncope, including RCE and XSS.
Author avatar

GHSL-2020-054: XSS in Apache Syncope - CVE-2020-1961

The GitHub Security Lab team has identified a XSS vulnerability in Apache Syncope.
Author avatar

GHSL-2020-029: Server-Side template injection in Apache Syncope (RCE) - CVE-2020-1959

The GitHub Security Labs team has identified a Server-Side template injection vulnerability in Apache Syncope, which leads to RCE.
Author avatar

GHSL-2020-020: EL expression input sanitation bypass in Hibernate Validator - CVE-2020-10693

The GitHub Security Labs team has identified an EL expression input sanitation bypass vulnerability in Hibernate Validator.
Author avatar

GHSL-2020-085: Open redirect vulnerability in Sourcegraph - CVE-2020-12283

By exploiting an open redirect vulnerability, an attacker could potentially redirect a victim to any arbitrary URL and access their OAUTH token.
Author avatar

GHSL-2020-051, GHSL-2020-052: Multiple vulnerabilities in NTOP nDPI

The GitHub Security Lab team has identified several potential security vulnerabilities in NTOP nDPI, including RCE and DoS.
Author avatar

GHSL-2020-010: Out-Of-Bounds write in Android Open Source Project - CVE-2020-0070

An OOB write in AOSP allows an attacker within NFC range to obtain remote code execution on android device's NFC daemon.
Author avatar

GHSL-2020-008: Out-Of-Bounds write in Android Open Source Project - CVE-2020-0071

An OOB write in AOSP allows an attacker within NFC range to obtain remote code execution on android device's NFC daemon.
Author avatar

GHSL-2020-007: Out-of-bounds write in Android Open Source Project - CVE-2020-0072

An OOB write in AOSP allows an attacker within NFC range to obtain remote code execution on android device's NFC daemon.
Author avatar

GHSL-2020-006: Out-Of-Bounds write in Android Open Source Project - CVE-2020-0073

An OOB write in AOSP allows an attacker within NFC range to obtain remote code execution on android device's NFC daemon.
Author avatar

GHSL-2020-031: SQL injection in PureFTPd

Improper sanitization of SQL queries lead to SQL injection via a configuration file.
Author avatar

GHSL-2020-053: Use After Free in Chrome WebAudio

The GitHub Security Labs team has identified a Use after free in Chrome WebAudio.
Author avatar

GHSL-2020-041: Use After Free in Chrome WebAudio

The GitHub Security Labs team has identified a Use after free in Chrome WebAudio.
Author avatar

GHSL-2020-040: Use After Free in Chrome WebAudio

The GitHub Security Labs team has identified a Use after free in Chrome WebAudio.
Author avatar

GHSL-2020-038: Use after free in Chrome WebAudio

The GitHub Security Labs team has identified a Use after free in Chrome WebAudio.
Author avatar

GHSL-2020-037: Use after free in Chrome WebAudio

The GitHub Security Labs team has identified a Use after free in Chrome WebAudio.
Author avatar

GHSL-2020-035: Use after free in Chrome WebAudio

The GitHub Security Labs team has identified a Use after free in Chrome WebAudio.
Author avatar

GHSL-2020-030: Server-Side Template Injection in Dropwizard

Server-Side Template Injection in Dropwizard leading to Remote Code Execution (RCE).
Author avatar

GHSL-2020-015: Remote Code Execution - Bypass of CVE-2018-16621 mitigations in Nexus Repository Manager

High privileged users can bypass the existing mitigations and inject arbitrary Java EL expressions in Nexus Repository Manager, leading to a Remote Code Execution (RCE) vulnerability.
Author avatar

GHSL-2020-014: Remote Code execution - Dynamic Code Evaluation via Scheduled Tasks in Nexus Repository Manager

It is possible for a user with the right permissions to execute arbitrary groovy or javascript scripts resulting in remote code execution.
Author avatar

GHSL-2020-013: Remote Code Execution - Dynamic Code Evaluation via Scripts in Nexus Repository Manager

It is possible for a user with the right permissions to execute arbitrary groovy or javascript scripts resulting in remote code execution.
Author avatar

GHSL-2020-012: Remote Code Execution - JavaEL Injection (high privileged accounts) in Nexus Repository Manager

High privileged users can inject arbitrary Java EL expressions in Nexus Repository Manager, leading to a Remote Code Execution (RCE) vulnerability.
Author avatar

GHSL-2020-009: UAF leads to RCE in ProFTPD

A use-after-free vulnerability in ProFTPD could allow a remote attacker to execute arbitrary code on the affected system.
Author avatar

GHSL-2020-016: Persistent Cross-Site scripting in Nexus Repository Manager

An attacker with elevated privileges can create content selectors with a specially crafted name using the REST API, which when viewed by another user can execute arbitrary JavaScript in the context of the NXRM application.
Author avatar

GHSL-2020-011: Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager

Attackers can inject arbitrary Java EL expressions in Nexus Repository Manager, leading to a Remote Code Execution (RCE) vulnerability.
Author avatar

GHSL-2020-056: Double free in OpenSSL client

The GitHub Security Labs team has identified a security issue in OpenSSL in which an attacker can force a client into freeing the same memory twice.
Author avatar

GHSL-2020-028: Server-Side Template Injection in Netflix Titus

A Server-Side Template Injection was identified in Netflix Titus enabling attackers to inject arbitrary Java EL expressions, leading to a pre-auth Remote Code Execution (RCE) vulnerability.
Author avatar

GHSL-2020-027: Server-Side Template Injection in Netflix Conductor

A Server-Side Template Injection was identified in Netflix Conductor enabling attackers to inject arbitrary Java EL expressions, leading to a pre-auth Remote Code Execution (RCE) vulnerability.
Author avatar

GHSL-2020-032: out-of-bounds (OOB) read vulnerability in PureFTPd

An out-of-bounds (OOB) read vulnerability has been detected in PureFTPd's pure_strcmp function.
Author avatar

GHSL-2020-026: Person in the middle attacks with lua-openssl

Several security issues have been found in the way X509 certificate validation functions are exposed to LUA. Clients using certain functions in lua-openssl are exposed to person-in-the-middle attacks.
Author avatar

GHSL-2020-025: OOB read and DoS in PureFTPd

An uninitialized pointer vulnerability in PureFTPd results in Out-of-Bounds reads and Denial of Service.
Author avatar

GHSL-2020-003, GHSL-2020-004, GHSL-2020-005: Person in the middle attack on openfortivpn clients

Several security issues have been found in the way openfortivpn deals with TLS. These issues can lead to situations in which an attacker can perform a person-in-the-middle attack on clients.
Author avatar

GHSL-2020-002: out-of-bounds (OOB) read in ProFTPD

An out-of-bounds (OOB) read vulnerability detected in mod_cap.
Author avatar

GHSL-2020-001: Off-by-one heap overflow in Bftpd

Under certain circumstances, an off-by-one heap overflow can occur in the command_retr function.
Author avatar

Older (before March 2020)

Disclosure policy

Last updated: November 10th, 2021

The GitHub Security Lab research team is dedicated to working closely with the open source community and with projects that are affected by a vulnerability, in order to protect users and ensure a coordinated disclosure. When we identify a vulnerability in a project, we will report it by contacting the publicly-listed security contact for the project if one exists; otherwise we will attempt to contact the project maintainers directly.

If the project team responds and agrees the issue poses a security risk, we will work with the project security team or maintainers to communicate the vulnerability in detail, and agree on the process for public disclosure. Responsibility for developing and releasing a patch lies firmly with the project team, though we aim to facilitate this by providing detailed information about the vulnerability.

Our disclosure deadline for publicly disclosing a vulnerability is: 90 days after the first report to the project team.

We appreciate the hard work maintainers put into fixing vulnerabilities and understand that sometimes more time is required to properly address an issue. We want project maintainers to succeed and because of that we are always open to discuss our disclosure policy to fit your specific requirements, when warranted.

We believe that sharing a disclosure policy with maintainers is the first step to a smooth collaboration and we encourage all vulnerability reporters to do so. If our disclosure policy resonates with you feel free to copy it and use it for your own disclosures.

Please contact us at securitylab@github.com if you have any questions about our disclosure policy or our security research.